Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - July 17, 2007

by Marianna Schmudlach / July 17, 2007 12:22 AM PDT

HP ServiceGuard Unspecified Local Privilege Escalation Vulnerability

Advisory ID : FrSIRT/ADV-2007-2544
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-07-17

Technical Description

A vulnerability has been identified in HP ServiceGuard, which could be exploited by local attackers to obtain elevated privileges. This issue is caused by an unspecified error. No further details have been disclosed.

Affected Products

HP ServiceGuard versions 11.x

Solution

Apply patches :
http://itrc.hp.com/

References

http://www.frsirt.com/english/advisories/2007/2544
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01091941-1

Credits

Vulnerability reported by the vendor.

ISS Proventia GX Series Cross Site Scripting and File Inclus
by Marianna Schmudlach / July 17, 2007 12:23 AM PDT

ISS Proventia GX Series Cross Site Scripting and File Inclusion Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-2545
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-07-17

Technical Description

Multiple vulnerabilities have been identified in Proventia GX5108 and GX5008, which could be exploited by attackers to execute arbitrary scripting code or by malicious users to disclose sensitive information.

The first issue is caused by an input validation error in the "alert.php" script that does not validate the "reminder" parameter, which could be exploited by attackers to cause malicious scripting code to be executed by the user's browser.

The second vulnerability is caused by an input validation error in the "main.php" script when processing the "page" parameter, which could be exploited by malicious administrators to include remote or local files with the privileges of the application.

Affected Products

ISS Proventia GX5108
ISS Proventia GX5008

Solution

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/2545
http://www.sybsecurity.com/hack-proventia-1.pdf

Credits

Vulnerabilities reported by Alex Hernandez.

Trillian "aim:" URI Handler Remote Buffer Overflow and Code
by Marianna Schmudlach / July 17, 2007 12:25 AM PDT

Trillian "aim:" URI Handler Remote Buffer Overflow and Code Injection Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-2546
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-07-17

Technical Description

Two vulnerabilities have been identified in Trillian, which could be exploited by remote attackers to take complete control of an affected system.

The first issue is caused by an input validation error when processing the "ini" parameter supplied via "aim://" URIs, which could be exploited by remote attackers to create arbitrary files on an affected system by tricking a user into visiting a specially crafted web page.

The second vulnerability is caused by a buffer overflow error in the "aim.dll" module when processing an overly long "aim://" URI, which could be exploited by attackers to crash an affected application or execute arbitrary code by tricking a user into visiting a malicious web page.

Affected Products

Trillian Basic version 3.1.6.0 and prior

Solution

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/2546
http://www.xs-sniper.com/nmcfeters/Cross-App-Scripting-2.html

Credits

Vulnerabilities reported by Nate Mcfeters, Billy (BK) Rios and Raghav (the Pope) Dube.

PHP "glob()" Function Arguments Processing Arbitrary Code Ex
by Marianna Schmudlach / July 17, 2007 12:27 AM PDT

PHP "glob()" Function Arguments Processing Arbitrary Code Execution Vulnerability

Advisory ID : FrSIRT/ADV-2007-2547
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-07-17

Technical Description

A vulnerability has been identified in PHP, which could be exploited by malicious users to bypass security restrictions and execute arbitrary code. This issue is caused by an error when handling uninitialized structures within the "glob()" function, which could be exploited by attackers to execute arbitrary code via a specially crafted PHP script and bypass "open_basedir" and "safe_mode" restrictions.

Affected Products

PHP version 5.2.3 and prior

Solution

A fix is available via CVS :
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?view=log

References

http://www.frsirt.com/english/advisories/2007/2547

Credits

Vulnerability reported by shinnai.

MailMarshal Spam Quarantine Management Interface Information
by Marianna Schmudlach / July 17, 2007 12:42 AM PDT

MailMarshal Spam Quarantine Management Interface Information Disclosure

Secunia Advisory: SA26018
Release Date: 2007-07-17


Critical: Moderately critical
Impact: Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch


Software: MailMarshal SMTP 2006
MailMarshal SMTP 6.x


Description:
Gary O'leary-Steele has reported a vulnerability in MailMarshal, which can be exploited by malicious people to disclose potentially sensitive information.

The vulnerability is caused by an error within the handling of email addresses in the password reset functionality of the Spam Quarantine Management Interface. This can be exploited to reset a user's password and send copies of the new password to other email addresses by passing a specially crafted email address to the password reset feature.

Successful exploitation requires that the attacker knows the email address of the target user.

Solution:
Update to version 6.2.1.

Provided and/or discovered by:
Gary O'leary-Steele, Sec-1.

Original Advisory:
MailMarshal:
http://www.marshal.com/software/mailm...Notes-6.2.1.3252.htm#Change%20History

Sec-1:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064676.html

Kaspersky Anti-Virus for Check Point FireWall-1 Unspecified
by Marianna Schmudlach / July 17, 2007 12:43 AM PDT

Kaspersky Anti-Virus for Check Point FireWall-1 Unspecified Vulnerability

Secunia Advisory: SA26064
Release Date: 2007-07-17


Critical: Less critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


Software: Kaspersky Anti-Virus for Check Point FireWall-1 5.x


Description:
A potential vulnerability has been reported in Kaspersky Anti-Virus for Check Point FireWall-1, which may be exploited to cause a DoS (Denial of Service).

An unspecified error may cause the anti-virus kernel to freeze. No further details are available.

Solution:
Apply Critical Fix-1 (Build 5.5.161.0).
http://www.kaspersky.com/productupdates?chapter=146274607

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://support.kaspersky.com/checkpoint?qid=208279464

Jasmine CMS "profile_email" Script Insertion
by Marianna Schmudlach / July 17, 2007 12:45 AM PDT

Secunia Advisory: SA26071
Release Date: 2007-07-17


Critical: Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: Jasmine CMS 1.x

Description:
m4t4d00r has discovered a vulnerability in Jasmine CMS, which can be exploited by malicious users to conduct script insertion attacks.

Input passed to the "profile_email" parameter in profile.php is not properly sanitised before being stored. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious e-mail address is viewed.

Successful exploitation requires that both the attacker and the target user have valid user credentials.

The vulnerability is confirmed in version 1.0_1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
m4t4d00r

rPath update for perl-Net-DNS
by Marianna Schmudlach / July 17, 2007 12:46 AM PDT

Secunia Advisory: SA26075
Release Date: 2007-07-17


Critical: Less critical
Impact: Spoofing, DoS

Where: From remote

Solution Status: Vendor Patch


OS: rPath Linux 1.x

Description:
rPath has issued an update for perl-Net-DNS. This fixes a vulnerability, which can be exploited to poison the DNS cache or to cause a DoS (Denial of Service).

For more information:
SA25829

Solution:
Update to "perl-Net-DNS=/conary.rpath.com@rpl:devel//1/0.60-1-0.1".

Original Advisory:
http://lists.rpath.com/pipermail/security-announce/2007-July/000212.html

Other References:
SA25829:
http://secunia.com/advisories/25829/

Red Hat update for tomcat
by Marianna Schmudlach / July 17, 2007 12:48 AM PDT

Secunia Advisory: SA26076
Release Date: 2007-07-17


Critical: Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


OS: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop Workstation (v. 5 client)

Description:
Red Hat has issued an update for tomcat. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

For more information:
SA25678

Solution:
Updated packages are available from Red Hat Network.
http://rhn.redhat.com

Original Advisory:
https://rhn.redhat.com/errata/RHSA-2007-0569.html

Other References:
SA25678:
http://secunia.com/advisories/25678/

rPath update for xorg-x11
by Marianna Schmudlach / July 17, 2007 12:49 AM PDT

Secunia Advisory: SA26081
Release Date: 2007-07-17


Critical: Not critical
Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Patch


OS: rPath Linux 1.x


Description:
rPath has issued an update for xorg-x11. This fixes a vulnerability, which can be exploited by malicious, local users to perform actions with escalated privileges.

For more information:
SA26056

Solution:
Update to the latest versions:

xorg-x11=/conary.rpath.com@rpl:devel//1/6.8.2-30.6-1
xorg-x11-fonts=/conary.rpath.com@rpl:devel//1/6.8.2-30.6-1
xorg-x11-tools=/conary.rpath.com@rpl:devel//1/6.8.2-30.6-1
xorg-x11-xfs=/conary.rpath.com@rpl:devel//1/6.8.2-30.6-1

Original Advisory:
http://lists.rpath.com/pipermail/security-announce/2007-July/000211.html

Other References:
SA26056:
http://secunia.com/advisories/26056/
