Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - July 24, 2008

Drupal Session Fixation Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 24, 2008

Secunia Advisory: SA31211
Release Date: 2008-07-24


Critical: Less critical
Impact: Hijacking
Where: From remote
Solution Status: Vendor Patch
Software: Drupal 5.x, Drupal 6.x

Description:
A vulnerability has been reported in Drupal, which can be exploited by malicious people to conduct session fixation attacks.

An error in the handling of certain sessions can be exploited to hijack another user's session by tricking the user into logging in after following a specially crafted link.

The vulnerability is reported in all 5.x versions prior to 5.9 and all 6.x versions prior to 6.3.

Solution:
Update to version 5.9 or 6.3.

Apply patch to 5.8:
http://drupal.org/files/sa-2008-046/SA-2008-046-5.8.patch

Provided and/or discovered by:
The vendor credits Erich C. Beyrent. Additional information from dmnd.

Original Advisory:
http://drupal.org/node/280571
http://drupal.org/node/286417

Slackware update for dnsmasq

In reply to: VULNERABILITIES \ FIXES - July 24, 2008

IPCop update for perl

In reply to: VULNERABILITIES \ FIXES - July 24, 2008

Secunia Advisory: SA31208
Release Date: 2008-07-24


Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: IPCop 1.4.x

Description:
An updated version of IPCop has been released, which fixes some vulnerabilities in perl, which can potentially be exploited by malicious people to cause a Denial of Service or to compromise a vulnerable perl application.

Solution:
Update to version 1.4.21.

Original Advisory:
http://www.ipcop.org/index.php?name=News&file=article&sid=41

Other References:
SA17802:
http://secunia.com/advisories/17802/

SA27546:
http://secunia.com/advisories/27546/

Debian update for clamav

In reply to: VULNERABILITIES \ FIXES - July 24, 2008

Secunia Advisory: SA31206
Release Date: 2008-07-24


Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
OS: Debian GNU/Linux 4.0, Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply updated packages.

Original Advisory:
http://www.us.debian.org/security/2008/dsa-1616

Other References:
SA30657:
http://secunia.com/advisories/30657/

Ubuntu update for php

In reply to: VULNERABILITIES \ FIXES - July 24, 2008

Secunia Advisory: SA31200
Release Date: 2008-07-24


Critical: Moderately critical
Impact: Unknown, Security Bypass, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Ubuntu Linux 6.06, Ubuntu Linux 7.04, Ubuntu Linux 7.10, Ubuntu Linux 8.04

Description:
Ubuntu has issued an update for php. This fixes some vulnerabilities, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions, and potentially by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

Original Advisory:
http://www.ubuntu.com/usn/usn-628-1

Other References:
SA30048:
http://secunia.com/advisories/30048/

SA30916:
http://secunia.com/advisories/30916/

Red Hat update for kernel

In reply to: VULNERABILITIES \ FIXES - July 24, 2008

Secunia Advisory: SA31198
Release Date: 2008-07-24


Critical: Not critical
Impact: DoS
Where: Local system
Solution Status: Vendor Patch
OS: RedHat Enterprise Linux AS 4, RedHat Enterprise Linux ES 4, RedHat Enterprise Linux WS 4

Description:
Red Hat has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

Solution:
Updated packages are available via the Red Hat Network.
http://rhn.redhat.com

Original Advisory:
http://rhn.redhat.com/errata/RHSA-2008-0607.html

Other References:
SA30241:
http://secunia.com/advisories/30241/

Red Hat update for thunderbird

In reply to: VULNERABILITIES \ FIXES - July 24, 2008

Secunia Advisory: SA31195
Release Date: 2008-07-24


Critical: Highly critical
Impact: Spoofing, Exposure of system information, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
OS: Red Hat Enterprise Linux Desktop (v. 5 client), RedHat Enterprise Linux AS 4, RedHat Enterprise Linux ES 4, RedHat Enterprise Linux WS 4

Description:
Red Hat has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, disclose sensitive information, or compromise a vulnerable system.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
http://rhn.redhat.com/errata/RHSA-2008-0616.html

Other References:
SA30761:
http://secunia.com/advisories/30761/

SA30911:
http://secunia.com/advisories/30911/

Fedora update for asterisk

In reply to: VULNERABILITIES \ FIXES - July 24, 2008

Secunia Advisory: SA31194
Release Date: 2008-07-24


Critical: Less critical
Impact: DoS
Where: From local network
Solution Status: Vendor Patch
OS: Fedora 8

Description:
Fedora has issued an update for asterisk. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or to conduct DoS attacks.

Solution:
Apply updated packages via the yum utility ("yum update asterisk").

Original Advisory:
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html

Other References:
SA31178:
http://secunia.com/advisories/31178/

Debian update for xulrunner

In reply to: VULNERABILITIES \ FIXES - July 24, 2008

Secunia Advisory: SA31183
Release Date: 2008-07-24


Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Debian GNU/Linux 4.0, Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for xulrunner. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.

Original Advisory:
http://lists.debian.org/debian-security-announce/2008/msg00199.html

Other References:
SA30761:
http://secunia.com/advisories/30761/

SA30911:
http://secunia.com/advisories/30911/

SA31120:
http://secunia.com/advisories/31120/

Debian update for iceweasel

In reply to: VULNERABILITIES \ FIXES - July 24, 2008

Secunia Advisory: SA31176
Release Date: 2008-07-24


Critical: Highly critical
Impact: Security Bypass, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
OS: Debian GNU/Linux 4.0, Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for iceweasel. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, and compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
http://lists.debian.org/debian-security-announce/2008/msg00198.html

Other References:
SA30761:
http://secunia.com/advisories/30761/

SA31120:
http://secunia.com/advisories/31120/

Linux Kernel LDT Buffer Size Handling Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 24, 2008

Secunia Advisory: SA31172
Release Date: 2008-07-24


Critical: Less critical
Impact: Privilege escalation, DoS
Where: Local system
Solution Status: Vendor Patch
OS: Linux Kernel 2.6.x

Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.

The vulnerability is caused due to an error within the LDT buffer size handling on x86_64 machines and can be exploited to crash a system or execute arbitrary code with kernel privileges.

The vulnerability is reported in versions prior to 2.6.25.11.

Solution:
Update to version 2.6.25.11.

Provided and/or discovered by:
Reported in a SUSE advisory.

Original Advisory:
SUSE:
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html

Linux Kernel 2.6.25.11 ChangeLog:
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.11

DNS Cache Poisoning Public Exploit Code Available

In reply to: VULNERABILITIES \ FIXES - July 24, 2008

added July 24, 2008 at 10:00 am

US-CERT is aware of publicly available exploit code for a cache poisoning vulnerability in common DNS implementations. Exploitation of this vulnerability may allow an attacker to cause a nameserver's clients to contact the incorrect, and possibly malicious hosts for particular services. As a result, web traffic, email and other important network data could be redirected to systems under the attacker's control.

US-CERT strongly urges administrators to patch affected systems immediately. Please review the following US-CERT documents for further details:


Current Activity - DNS Implementations Vulnerable to Cache Poisoning
Current Activity - NAT/PAT Affects DNS Cache Poisoning Mitigation
Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning
Technical Cyber Security Alert TA08-190B - Multiple DNS implementations vulnerable to cache poisoning

US-CERT will provide additional information as it becomes available.

http://www.us-cert.gov/current/current_activity.html#dns_cache_poisoning_public_exploit

Networks riddled with vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 24, 2008

Defences not changing with the times, say experts

Written by Clement James

vnunet.com, 24 Jul 2008


Security experts have warned that there is at least one vulnerability in the network layer of every corporate network.

The research also found that almost all networks have at least one vulnerability in the application layer.

Security firm Orthus this week published an analysis of 100 in-depth security tests conducted over the past five years.

The firm claims that this provides an insight into how security weaknesses and attack vectors have evolved, and how organisations' defences have changed in response.

More: http://www.vnunet.com/vnunet/news/2222462/networks-riddled-flaws

Apple's iPhone Mail, Safari Apps Vulnerable To Attack

In reply to: VULNERABILITIES \ FIXES - July 24, 2008

Apple's iPhone Mail and Safari apps under the iPhone 1.1.4 and 2.0 firmware are vulnerable to URL spoofing, a security researcher said Wednesday.

By Thomas Claburn
InformationWeek
July 24, 2008 08:30 AM


Apple's iPhone Mail and Safari applications are vulnerable to URL spoofing, security researcher Aviv Raff said on Wednesday.
"By creating a specially crafted URL, and sending it via an e-mail, an attacker can convince the user that the spoofed URL, showed in the mail application, is from a trusted domain...," Raff explained in a blog post. "When clicking on the URL, the Safari browser will be opened. The spoofed URL, [shown] in the address bar of the Safari browser, will still be viewed by the victim as if it is of a trusted domain."

More: http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=209600149&cid=RSSfeed_IWK_Security

Asterisk IAX 'POKE' Resource Exhaustion

In reply to: VULNERABILITIES \ FIXES - July 24, 2008

Summary
By flooding an Asterisk server with IAX2 'POKE' requests, an attacker may eat up all call numbers associated with the IAX2 protocol on an Asterisk server and prevent other IAX2 calls from getting through. Due to the nature of the protocol, IAX2 POKE calls will expect an ACK packet in response to the PONG packet sent in response to the POKE. While waiting for this ACK packet, this dialog consumes an IAX2 call number, as the ACK packet must contain the same call number as was allocated and sent in the PONG.

Credit:
The information has been provided by Jeremy McNamara.
The original article can be found at: http://downloads.digium.com/pub/security/AST-2008-010.html

http://www.securiteam.com/unixfocus/5HP0P15OUK.html

EMC Centera Universal Access SQL Injection

In reply to: VULNERABILITIES \ FIXES - July 24, 2008

Summary
The user name field of the CUA Module Login does not sanitize user input allowing for an attacker to run arbitrary SQL code. Through "--" syntax it is possible to comment out the password check allowing an attacker to log in with the first available user name in the table. After performing this several times or by searching through the "Accounts" tab within the CUA Module an attacker can gather a list of all users. With this list an attacker can select an administrator account and log in with this by simply entering the user name followed by "--".

Credit:
The information has been provided by Aaron Brown.

http://www.securiteam.com/unixfocus/5GP0O15OUE.html
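
The login flaw summarised above, shown beside its fix. This is an added example, not code from the advisory or from EMC: the table, column names, accounts and function names are constructed for illustration, and SQLite stands in for whatever database the product uses.

```python
import sqlite3

def make_db():
    """In-memory login table (constructed; not the CUA schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT, role TEXT)")
    # Plaintext passwords only to keep the example short; store salted hashes in practice.
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("operator", "op-secret", "user"), ("admin", "adm-secret", "administrator")],
    )
    return db

def login_concatenated(db, name, password):
    """Vulnerable form: input is pasted into the SQL text, so it can alter the statement."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_parameterized(db, name, password):
    """Hardened form: placeholders keep input as data, never as SQL syntax."""
    row = db.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?",
        (name, password),
    ).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    crafted = "admin' --"  # user name followed by "--", as the summary describes
    print("concatenated :", login_concatenated(db, crafted, "wrong"))
    print("parameterized:", login_parameterized(db, crafted, "wrong"))
    print("valid login  :", login_parameterized(db, "admin", "adm-secret"))
```

With the concatenated query the password clause is commented out and the wrong password is accepted; with placeholders the same input is just a user name that does not exist.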

Kaminsky DNS Cache Poisoning Flaw (Exploit)

In reply to: VULNERABILITIES \ FIXES - July 24, 2008

Summary
This exploit targets a fairly ubiquitous flaw in DNS implementations which allow the insertion of malicious DNS records into the cache of the target nameserver. This exploit caches a single malicious host entry into the target nameserver. By causing the target nameserver to query for random hostnames at the target domain, the attacker can spoof a response to the target server including an answer for the query, an authority server record, and an additional record for that server, causing target nameserver to insert the additional record into the cache.

Credit:
The information has been provided by I)ruid.
The original article can be found at: http://www.caughq.org/exploits/CAU-EX-2008-0002.txt

http://www.securiteam.com/exploits/5EP0M15OUQ.html

Thunderbird 2.0.0.16

In reply to: VULNERABILITIES \ FIXES - July 24, 2008

What's New in Thunderbird 2.0.0.16

Release Date:
July 23, 2008
Security Update:
The following security issues have been fixed.
Earlier Changes:
For information about previous changes, please see the Thunderbird 2.0.0.14 Release Notes
Thunderbird 2 Features:
For an overview, please see Thunderbird 2 Features.

More:

http://www.mozilla.com/en-US/thunderbird/2.0.0.16/releasenotes/

Mozilla releases Thunderbird 2.0.0.16, fixes security vulner

In reply to: Thunderbird 2.0.0.16

Is your home system vulnerable to a DNS cache poisoning?

In reply to: VULNERABILITIES \ FIXES - July 24, 2008

July 24, 2008

Posted by Robert Vamosi

On Wednesday, an exploit code allowing someone to attack the domain name system (DNS) became available. No one has yet used the code, but the advice is simple: Patch. Now. While most of the burden is on the Domain Name System servers and the various systems that support them, the nature of the flaw is such that desktop clients also need to patch their software as well.

First, to determine whether your DNS system is vulnerable, use either of these tests:


Dan Kaminsky
DNS Operations, Analysis, and Research Center

If the test returns a message similar to "Your name server, at 2xx.2xx.1xx.1x, appears vulnerable to DNS Cache Poisoning," then you may need to patch your desktop system.

More: http://news.cnet.com/8301-1009_3-9998625-83.html?part=rss&subj=news&tag=2547-1009_3-0-20

Strange!! Just Tried Test on DNS....

In reply to: Is your home system vulnerable to a DNS cache poisoning?

using my Sea Monkey 1.1.10 and both returned: "Unable to find address"!!
Both sites seem to be "up" but test button's target links are gone!
Perhaps had to take down due to massive response threatening to crash server??

I tested too......... I got.....

In reply to: Strange!! Just Tried Test on DNS....

for shaw.ca

Your name server, at 64.59.168.13, appears to be safe, but make sure the ports listed below aren't following an obvious pattern.
--------------------------------------------------------------------------------
Requests seen for 1953fc2c056e.toorrr.com:
64.59.168.13:50313 TXID=59749
64.59.168.13:21878 TXID=10930
64.59.168.13:63088 TXID=52986
64.59.168.13:52298 TXID=26620
64.59.168.13:20937 TXID=63155

(NT) I See You Tried Next Day, I'll Try Again! Thx! :D

In reply to: Strange!! Just Tried Test on DNS....

Web-based DNS Randomness Test

In reply to: I See You Tried Next Day, I'll Try Again! Thx! :D

US-CERT's Vulnerability Note VU#800113 describes deficiencies in the DNS protocol and implementations that can facilitate cache poisoning attacks. The answers from a poisoned nameserver cannot be trusted. You may be redirected to malicious web sites that will try to steal your identity or infect your computers with malware. On August 7, 2008, Dan Kaminsky will release the details of how such attacks can be launched against vulnerable DNS resolvers.

The essence of the problem is that DNS resolvers don't always use enough randomness in their transaction IDs and query source ports. Increasing the amount of randomness increases the difficulty of a successful poisoning attack.

This page exists to help you learn if your ISP's nameservers are vulnerable to this type of attack. If you click on the button below, we will test the randomness of your ISP DNS resolver.

More: https://www.dns-oarc.net/oarc/services/dnsentropy

The test takes a few seconds to complete.
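
A way to read the test output quoted earlier in the thread for the "obvious pattern" it warns about, written as an added example that is not part of the thread or of the DNS-OARC test. The function names, the 16-step threshold and the two 192.0.2.53 samples are assumptions made here; five requests can only expose a fixed or stepping value, they cannot prove good randomness.

```python
import re

# One "ip:port TXID=n" line of the test output.
REQUEST = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\s+TXID=(\d{1,5})$")

# Output copied from the post earlier in the thread.
PAGE_SAMPLE = """Requests seen for 1953fc2c056e.toorrr.com:
64.59.168.13:50313 TXID=59749
64.59.168.13:21878 TXID=10930
64.59.168.13:63088 TXID=52986
64.59.168.13:52298 TXID=26620
64.59.168.13:20937 TXID=63155"""

# Constructed samples: a resolver with a fixed source port, and one that steps it by 1.
TXIDS = (4711, 60123, 18220, 33901, 902)
FIXED_PORT = "\n".join(f"192.0.2.53:32768 TXID={t}" for t in TXIDS)
STEPPING_PORT = "\n".join(f"192.0.2.53:{1025 + i} TXID={t}" for i, t in enumerate(TXIDS))

def parse_requests(text):
    """Return [(ip, port, txid), ...]; lines that are not request lines are ignored."""
    found = []
    for line in text.splitlines():
        m = REQUEST.match(line.strip())
        if m:
            found.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return found

def classify(values, max_step=16):
    """Label a sequence of 16-bit values 'constant', 'incrementing' or 'no obvious pattern'."""
    if len(set(values)) == 1:
        return "constant"
    # Differences are taken modulo 65536 so a counter that wraps is still caught.
    deltas = [(b - a) % 65536 for a, b in zip(values, values[1:])]
    if all(0 < d <= max_step for d in deltas):
        return "incrementing"
    return "no obvious pattern"

def assess(text):
    """Summarise source-port and transaction-ID behaviour for one test run."""
    requests = parse_requests(text)
    if len(requests) < 2:
        raise ValueError("need at least two requests to compare")
    ports = [port for _, port, _ in requests]
    txids = [txid for _, _, txid in requests]
    return {"requests": len(requests), "ports": classify(ports),
            "txids": classify(txids), "port_spread": max(ports) - min(ports)}

if __name__ == "__main__":
    for label, sample in (("page", PAGE_SAMPLE), ("fixed", FIXED_PORT), ("stepping", STEPPING_PORT)):
        print(label, assess(sample))
```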
