Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - July 23, 2008

IPCop update for various packages

Secunia Advisory: SA31204
Release Date: 2008-07-23


Critical:
Moderately critical
Impact: Security Bypass
Spoofing
DoS

Where: From remote

Solution Status: Vendor Patch


OS: IPCop 1.4.x

Description:
An updated version of IPCop has been released, which fixes some vulnerabilities in bzip2, dnsmasq, and snort, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and poison the DNS cache.

Solution:
Update to version 1.4.19 or 1.4.20.

Original Advisory:
http://www.ipcop.org/index.php?name=News&file=article&sid=40

Other References:
SA29410:
http://secunia.com/advisories/29410/

SA30348:
http://secunia.com/advisories/30348/

SA31197:
http://secunia.com/advisories/31197/

SocialEngine SQL Injection and Code Execution

In reply to: VULNERABILITIES \ FIXES - July 23, 2008

Secunia Advisory: SA31203
Release Date: 2008-07-23


Critical:
Highly critical
Impact: Security Bypass
Manipulation of data
System access

Where: From remote

Solution Status: Vendor Patch


Software: SocialEngine 2.x

Description:
Tim Loshak has reported some vulnerabilities in SocialEngine, which can be exploited by malicious users to compromise a vulnerable system, and by malicious people to conduct SQL injection attacks and bypass certain security restrictions.

Solution:
Update to version 2.83.

Provided and/or discovered by:
Tim Loshak

Original Advisory:
SocialEngine:
http://www.socialengine.net/news.php

Tim Loshak:
http://seclists.org/bugtraq/2008/Jul/0194.html

SUSE update for kernel

In reply to: VULNERABILITIES \ FIXES - July 23, 2008

Secunia Advisory: SA31202
Release Date: 2008-07-23


Critical:
Less critical
Impact: Privilege escalation
DoS

Where: From remote

Solution Status: Vendor Patch


OS: openSUSE 11.0

Description:
SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges, and malicious people to cause a DoS (Denial of Service).

Solution:
Apply updated packages.

Original Advisory:
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html

Other References:
SA30719:
http://secunia.com/advisories/30719/

SA31048:
http://secunia.com/advisories/31048/

Claroline Multiple Cross-Site Scripting Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 23, 2008

Secunia Advisory: SA31201
Release Date: 2008-07-23


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: Claroline 1.x

Description:
Digital Security Research Group have reported some vulnerabilities in Claroline, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed in the URL to announcements/messages.php, auth/lostPassword.php, auth/profile.php, calendar/myagenda.php, group/group.php, learnPath/learningPath.php, learnPath/learningPathList.php, learnPath/module.php, phpbb/index.php, tracking/courseLog.php, tracking/course_access_details.php, tracking/delete_course_stats.php, tracking/userLog.php, tracking/user_access_details.php, user/user.php, and user/userInfo.php, the "view" parameter in tracking/courseLog.php, and "toolId" in tracking/toolaccess_details.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. All the scripts are located in the "claroline/" directory.

The vulnerabilities are reported in version 1.8.10. Prior versions may also be affected.

Solution:
Update to version 1.8.11.

Provided and/or discovered by:
Digital Security Research Group

Original Advisory:
Claroline:
http://sourceforge.net/project/shownotes.php?release_id=615030

Digital Security Research Group:
http://seclists.org/bugtraq/2008/Jul/0199.html

Ubuntu update for dnsmasq

In reply to: VULNERABILITIES \ FIXES - July 23, 2008

dnsmasq Denial of Service and DNS Cache Poisoning

In reply to: VULNERABILITIES \ FIXES - July 23, 2008

Secunia Advisory: SA31197
Release Date: 2008-07-23


Critical:
Moderately critical
Impact: Spoofing
DoS

Where: From remote

Solution Status: Vendor Patch


Software: Dnsmasq 2.x

Description:
Some vulnerabilities have been reported in dnsmasq, which can be exploited by malicious people to cause a DoS (Denial of Service) and poison the DNS cache.

Solution:
Update to version 2.45.

Provided and/or discovered by:
1) Dan Kaminsky, IOActive
2) The vendor thanks Carlos Carvalho

Original Advisory:
dnsmasq release announcements:
http://article.gmane.org/gmane.network.dns.dnsmasq.general/2156
http://article.gmane.org/gmane.network.dns.dnsmasq.general/2189
http://article.gmane.org/gmane.network.dns.dnsmasq.general/2199

Vendor statement regarding DNS cache poisoning:
http://article.gmane.org/gmane.network.dns.dnsmasq.general/2176

Moodle Script Insertion and Cross-Site Request Forgery

In reply to: VULNERABILITIES \ FIXES - July 23, 2008

Secunia Advisory: SA31196
Release Date: 2008-07-23


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: Moodle 1.6.x
Moodle 1.7.x

Description:
ProCheckUp Ltd have reported two vulnerabilities in Moodle, which can be exploited by malicious users to conduct script insertion attacks, and by malicious people to conduct cross-site request forgery attacks.

Solution:
Update to version 1.6.7 or 1.7.5.

Provided and/or discovered by:
Adrian Pastor and Amir Azam, ProCheckUp Ltd.

Original Advisory:
Moodle:
1) http://moodle.org/mod/forum/discuss.php?d=101401
2) http://moodle.org/mod/forum/discuss.php?d=101405

ProCheckUp:
1) http://www.procheckup.com/Vulnerability_PR08-13.php
2) http://www.procheckup.com/Vulnerability_PR08-16.php

Geeklog Forum Plugin Search Cross-Site Scripting Vulnerabili

In reply to: VULNERABILITIES \ FIXES - July 23, 2008

Secunia Advisory: SA31188
Release Date: 2008-07-23


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: Forum 2.x (plugin for Geeklog)

Description:
A vulnerability has been reported in the Forum plugin for Geeklog, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain input in the forum search is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Solution:
Update to version 2.7.1.

Provided and/or discovered by:
The vendor credits Yosuke Yamada of NetAgent Co., Ltd, reported via JPCERT/CC.

Original Advisory:
http://www.geeklog.net/article.php/20080719093147449

Pre Survey Poll "catid" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 23, 2008

Secunia Advisory: SA31187
Release Date: 2008-07-23


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: Pre Survey Poll

Description:
DreamTurk has reported a vulnerability in Pre Survey Poll, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "catid" parameter in default.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
DreamTurk

Original Advisory:
http://milw0rm.com/exploits/6119

Asterisk Two Denial of Service Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 23, 2008

Secunia Advisory: SA31178
Release Date: 2008-07-23


Critical:
Less critical
Impact: DoS

Where: From local network

Solution Status: Vendor Patch


Software: Asterisk 1.x
Asterisk Appliance Developer Kit 0.x
Asterisk Business Edition 2.x



Description:
Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service) or to conduct DoS attacks.

Solution:
Asterisk Open Source 1.2.x:
Update to version 1.2.30.

Asterisk Open Source 1.4.x:
Update to version 1.4.21.2.

Asterisk Business Edition B.x.x.x:
Update to version B.2.5.4.

Asterisk Business Edition C.x.x.x:
Update to version C.1.10.3.

s800i (Asterisk Appliance) 1.0.x:
Update to version 1.2.0.1.

Provided and/or discovered by:
1) The vendor credits Jeremy McNamara.
2) Tilghman Lesher, Digium

Original Advisory:
http://downloads.digium.com/pub/security/AST-2008-010.html
http://downloads.digium.com/pub/security/AST-2008-011.html

Fedora update for mantis

In reply to: VULNERABILITIES \ FIXES - July 23, 2008

Secunia Advisory: SA31171
Release Date: 2008-07-23


Critical:
Moderately critical
Impact: Cross Site Scripting
System access

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 8
Fedora 9

Description:
Fedora has issued an update for mantis. This fixes some vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and malicious people to conduct cross-site scripting and request forgery attacks.

Solution:
Apply updated packages via the yum utility ("yum update mantis").

Original Advisory:
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00813.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00801.html

Other References:
SA30270:
http://secunia.com/advisories/30270/

YouTube Blog Multiple Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 23, 2008

Secunia Advisory: SA31161
Release Date: 2008-07-23


Critical:
Highly critical
Impact: Cross Site Scripting
Manipulation of data
Exposure of system information
Exposure of sensitive information
System access

Where: From remote

Solution Status: Unpatched


Software: YouTube Blog 0.x

Description:
Some vulnerabilities have been discovered in YouTube Blog, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, disclose sensitive information, and compromise a vulnerable system.

Solution:
Edit the source code to ensure that input is properly sanitised and verified.

Provided and/or discovered by:
1-3) unohope
4) An anonymous person

Original Advisory:
1-3) http://milw0rm.com/exploits/6117

Apple Safari Cross-Domain Cookie Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 23, 2008

Secunia Advisory: SA31128
Release Date: 2008-07-23


Critical:
Less critical
Impact: Security Bypass

Where: From remote

Solution Status: Unpatched


Software: Safari 3.x
Safari for Windows 3.x

Description:
A vulnerability has been discovered in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions.

The problem is that websites are allowed to set cookies for certain country-specific secondary top-level domains. This can e.g. be exploited to fix a session by setting a known session ID in a cookie, which the browser sends to all web sites operating under an affected domain (e.g. co.uk, com.au).

The vulnerability is confirmed in Apple Safari for Windows 3.1.2. Other versions may also be affected.

Solution:
Do not browse untrusted web sites or follow untrusted links.

Provided and/or discovered by:
kuza55

Original Advisory:
http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html
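
The cookie-scoping problem described in this advisory, as an added example that is not part of the original post or of any browser's code: a Domain attribute equal to a public suffix such as co.uk is accepted by a weak check and refused by a suffix-aware one. The five-entry suffix set, the host names and the "naive" rule are assumptions made for illustration.

```python
# Constructed excerpt of a public-suffix list; a real deployment would load
# the full, maintained list instead of this five-entry sample.
PUBLIC_SUFFIXES = {"com", "uk", "co.uk", "au", "com.au"}


def _norm(name):
    return name.lower().strip(".")


def domain_match(host, cookie_domain):
    """True if a cookie scoped to cookie_domain is sent to host."""
    host, cookie_domain = _norm(host), _norm(cookie_domain)
    return host == cookie_domain or host.endswith("." + cookie_domain)


def naive_accepts(setting_host, cookie_domain):
    """Assumed weak rule: any dotted Domain the setting host falls under."""
    return "." in _norm(cookie_domain) and domain_match(setting_host, cookie_domain)


def suffix_aware_accepts(setting_host, cookie_domain, suffixes=PUBLIC_SUFFIXES):
    """Hardened rule: refuse a Domain attribute that is itself a public suffix."""
    if _norm(cookie_domain) in suffixes:
        return False
    return domain_match(setting_host, cookie_domain)


def exposed_hosts(setting_host, cookie_domain, hosts, accepts):
    """Hosts other than the setter that would receive the cookie."""
    if not accepts(setting_host, cookie_domain):
        return []
    return [h for h in hosts
            if _norm(h) != _norm(setting_host) and domain_match(h, cookie_domain)]


# Constructed host names for the demonstration.
HOSTS = ["www.site-a.co.uk", "login.site-b.co.uk", "www.site-c.com.au"]

if __name__ == "__main__":
    for rule in (naive_accepts, suffix_aware_accepts):
        print(rule.__name__,
              exposed_hosts("www.site-a.co.uk", ".co.uk", HOSTS, rule))
```
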

RIM issues patch for serious BlackBerry flaw

In reply to: VULNERABILITIES \ FIXES - July 23, 2008

Business users: apply now
By Dan Goodin in San Francisco

Published Tuesday 22nd July 2008

Research in Motion has issued a patch for a serious security flaw that puts businesses using the ubiquitous BlackBerry at risk.

The vulnerability affects the BlackBerry Enterprise Server versions 4.1.3 through 4.1.5 and BlackBerry Professional Software 4.1.4. It resides in a component that processes PDF files. Attackers could exploit it by sending a booby-trapped document that could execute malicious code on a victim's device. Secunia rated the flaw "highly critical," the second highest notch on its five-tier rating system.

RIM recommends all users install the update as soon as possible, or at least apply a workaround. More information can be found here.

Solaris gets another Common Criteria certification

In reply to: VULNERABILITIES \ FIXES - July 23, 2008

Sun's Solaris 10 operating system with Trusted Extensions has obtained Common Criteria certification for the Labelled Security Protection Profile (LSPP) at Evaluation Assurance Level (EAL) 4+. EAL 4+ is one of the highest commonly recognised assurance levels with very few operating systems exceeding it.

The certification applies to both the x86/64 and SPARC versions of the operating system. The Canadian auditors CGI have also included in the testing process a multi-level secured version of the Gnome GUI and desktop. Often, certified systems have only been tested and certified for command line usage.

More: http://www.heise-online.co.uk/security/Solaris-gets-another-Common-Criteria-certification--/news/111155

Exploit published for buffer overflow in BEA WebLogic

In reply to: VULNERABILITIES \ FIXES - July 23, 2008

A hacker known as KingCope has discovered a potential buffer overflow in BEA WebLogic which can at least trigger system crashes, but may also be exploited to remotely inject and execute arbitrary code. The flaw is caused by Apache Connector which appears not to check certain POST requests sufficiently.

According to comments the published exploit is "broken" and doesn't function properly. Nevertheless, security providers FrSIRT and Secunia have rated the vulnerability as critical and highly critical respectively. According to Secunia, versions 5 to 10 are affected. No patch has so far become available. The only protection currently available is to filter the server's network traffic in order to minimise the risk of an attack.

http://www.heise-online.co.uk/security/Exploit-published-for-buffer-overflow-in-BEA-WebLogic--/news/111156

Major DNS Cache-Poisoning Vulnerability: Patch Now

In reply to: VULNERABILITIES \ FIXES - July 23, 2008

While this is completely unrelated to any particular malware, there is a rather disconcerting DNS cache-poisoning vulnerability that has surfaced which deserves the attention of any and every organization on the planet which operates their own DNS servers.

The importance of determining if you are vulnerable, and getting the vulnerability fixed quickly, is becoming more important as each day passes. This is due not only to the criticality of the vulnerability, but also due to some of the "colorful" background in how some of the details have become available surrounding the vulnerability itself.

More: http://blog.trendmicro.com/

iPhone vulnerable to phishing, spamming flaws

In reply to: VULNERABILITIES \ FIXES - July 23, 2008

Posted by Ryan Naraine

Security researcher Aviv Raff has discovered a pair of basic design flaws that could turn your iPhone into easy bait for malicious phishing and spamming attacks.

According to an advisory from Raff, the iPhone's Mail and Safari applications are susceptible to a URL Spoofing vulnerability which allows attackers to conduct phishing attacks.

By creating a specially crafted URL, and sending it via an email, an attacker can convince the user that the spoofed URL, shown in the mail application, is from a trusted domain (e.g. Bank, PayPal, Social Networks, etc.).

When clicking on the URL, the Safari browser will be opened. The spoofed URL, shown in the address bar of the Safari browser, will still be viewed by the victim as if it is of a trusted domain.

More: http://blogs.zdnet.com/security/?p=1541

NAT/PAT Affects DNS Cache Poisoning Mitigation

In reply to: VULNERABILITIES \ FIXES - July 23, 2008

added July 23, 2008 at 02:13 pm

US-CERT released a Current Activity entry and a Vulnerability Note on July 8, 2008 regarding deficiencies in DNS implementations. These deficiencies could leave an affected system vulnerable to cache poisoning. Technical details regarding this vulnerability have been posted to public websites. Attackers could use these details to construct exploit code. Users are encouraged to patch systems or apply workarounds immediately.

A number of patches implement source port randomization in the name server as a way to reduce the practicality of cache poisoning attacks. Administrators should be aware that in infrastructures where nameservers exist behind Network Address Translation (NAT) and Port Address Translation (PAT) devices, port randomization in the nameserver may be overwritten by the NAT/PAT device and a sequential port address could be allocated. This may weaken the protection offered by source port randomization in the nameserver.

More: http://www.us-cert.gov/current/current_activity.html#nat_pat_affects_dns_cache
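
A check an administrator could run for the NAT/PAT effect described above, as an added example that is not part of the US-CERT text: it compares the source ports of the same queries captured on the resolver's interface and on the public side of the translation device. The port lists are constructed, and the thresholds (20 samples, steps of at most 16, 80% of steps, 1024-port spread) are assumed heuristics.

```python
def classify_ports(ports, min_samples=20, max_step=16):
    """Label a time-ordered series of UDP source ports from one resolver."""
    if len(ports) < min_samples:
        raise ValueError("need at least %d samples" % min_samples)
    if len(set(ports)) == 1:
        return "fixed"
    # Forward distance between consecutive ports, wrapping at 65536.
    steps = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    small = sum(1 for s in steps if 0 < s <= max_step)
    if small / len(steps) >= 0.8:  # assumed threshold
        return "sequential"
    if max(ports) - min(ports) < 1024 or len(set(ports)) < len(ports) // 2:
        return "narrow"
    return "randomized"


def nat_weakens_randomization(inside_ports, outside_ports):
    """True when the resolver randomizes but the translated ports do not."""
    return (classify_ports(inside_ports) == "randomized"
            and classify_ports(outside_ports) != "randomized")


# Constructed capture: 24 queries as sent by a patched resolver ...
INSIDE = [51234, 10822, 33901, 60417, 2977, 45110, 18256, 27643,
          58090, 7431, 39876, 12005, 64120, 21578, 48333, 5619,
          36742, 55201, 14968, 30007, 61888, 9354, 42519, 25190]
# ... and the same queries on the public side of a PAT device that hands out
# ports in order, with gaps where other hosts' flows took a port.
OUTSIDE = [20000, 20001, 20003, 20004, 20005, 20008, 20009, 20011,
           20012, 20013, 20016, 20017, 20019, 20020, 20021, 20024,
           20025, 20027, 20028, 20029, 20032, 20033, 20035, 20036]

if __name__ == "__main__":
    print("inside :", classify_ports(INSIDE))
    print("outside:", classify_ports(OUTSIDE))
    print("NAT/PAT weakens randomization:",
          nat_weakens_randomization(INSIDE, OUTSIDE))
```
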

Multiple DNS implementations vulnerable to cache poisoning

In reply to: VULNERABILITIES \ FIXES - July 23, 2008

Date:07.23.2008

Threat Type: Malicious Web Site / Malicious Code

Websense
