VULNERABILITIES \ FIXES - July 25, 2008

Red Hat update for kernel



Secunia Advisory: SA31229
Release Date: 2008-07-25


Critical: Less critical
Impact: Privilege escalation, DoS

Where: Local system

Solution Status: Vendor Patch


OS: RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 4


Description:
Red Hat has issued an update for kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
http://rhn.redhat.com/errata/RHSA-2008-0665.html

Other References:
SA21515:
http://secunia.com/advisories/21515/

SA31048:
http://secunia.com/advisories/31048/

Red Hat update for nss_ldap

In reply to: VULNERABILITIES \ FIXES - July 25, 2008

Secunia Advisory: SA31227
Release Date: 2008-07-25


Critical: Less critical
Impact: Manipulation of data

Where: From remote

Solution Status: Vendor Patch


OS: RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 4

Description:
Red Hat has issued an update for nss_ldap. This fixes a security issue, which can be exploited by malicious people to manipulate certain data.

Solution:
Updated packages are available via the Red Hat Network.
http://rhn.redhat.com

Original Advisory:
http://rhn.redhat.com/errata/RHSA-2008-0715.html

Other References:
SA27670:
http://secunia.com/advisories/27670/

Red Hat update for mysql

In reply to: VULNERABILITIES \ FIXES - July 25, 2008

Secunia Advisory: SA31226
Release Date: 2008-07-25


Critical: Less critical
Impact: Security Bypass, DoS

Where: From local network

Solution Status: Vendor Patch


OS: RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 4

Description:
Red Hat has issued an update for mysql. This fixes some vulnerabilities and security issues, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious users to cause a DoS (Denial of Service) or to bypass certain security restrictions.

Solution:
Updated packages are available via the Red Hat Network.
http://rhn.redhat.com

Original Advisory:
http://rhn.redhat.com/errata/RHSA-2008-0768.html

Other References:
SA19929:
http://secunia.com/advisories/19929/

SA21259:
http://secunia.com/advisories/21259/

SA25301:
http://secunia.com/advisories/25301/

SA30134:
http://secunia.com/advisories/30134/

Red Hat update for coreutils

In reply to: VULNERABILITIES \ FIXES - July 25, 2008

Secunia Advisory: SA31225
Release Date: 2008-07-25


Critical: Not critical
Impact: Security Bypass

Where: Local system

Solution Status: Vendor Patch


OS: RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 4

Description:
Red Hat has issued an update for coreutils. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions.

A configuration error of the pam_succeed_if.so module exists in /etc/pam.d/su. This can be exploited to change to an expired or locked account using the "su" command.

Successful exploitation requires that the password of the locked or expired account is known.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
http://rhn.redhat.com/errata/RHSA-2008-0780.html

Red Hat update for rdesktop

In reply to: VULNERABILITIES \ FIXES - July 25, 2008

Secunia Advisory: SA31224
Release Date: 2008-07-25


Critical: Moderately critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Description:
Red Hat has issued an update for rdesktop. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
https://rhn.redhat.com/errata/RHSA-2008-0575.html

Other References:
SA30118:
http://secunia.com/advisories/30118/

Red Hat update for vsftpd

In reply to: VULNERABILITIES \ FIXES - July 25, 2008

Secunia Advisory: SA31223
Release Date: 2008-07-25


Critical: Moderately critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


OS: RedHat Enterprise Linux AS 3
RedHat Enterprise Linux ES 3


Description:
Red Hat has issued an update for vsftpd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a memory leak when using PAM and can be exploited to exhaust all available memory via multiple invalid authentication requests.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
http://rhn.redhat.com/errata/RHSA-2008-0579.html

Citrix NetScaler DNS Cache Poisoning

In reply to: VULNERABILITIES \ FIXES - July 25, 2008

Secunia Advisory: SA31221
Release Date: 2008-07-25


Critical: Moderately critical
Impact: Spoofing

Where: From remote

Solution Status: Unpatched


OS: Citrix Netscaler 8.x

Description:
Citrix has acknowledged a vulnerability in NetScaler, which can be exploited by malicious people to poison the DNS cache.

The vulnerability is caused due to NetScaler not sufficiently randomising the DNS query port number, which can be exploited to poison the DNS cache.

The vulnerability is reported in NetScaler up to and including version 8.1 build 57.3 when recursive DNS caching is activated or the product is running as NAT device in front of a caching DNS server.

Solution:
A fixed version is planned to be released on August 4th.

http://www.citrix.com/English/ss/downloads/results.asp?productID=21679

Provided and/or discovered by:
Dan Kaminsky, IOActive

Original Advisory:
http://support.citrix.com/article/CTX117991

Ubuntu update for thunderbird

In reply to: VULNERABILITIES \ FIXES - July 25, 2008

Secunia Advisory: SA31220
Release Date: 2008-07-25


Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, DoS, System access

Where: From remote

Solution Status: Vendor Patch


OS: Ubuntu Linux 6.06
Ubuntu Linux 7.04
Ubuntu Linux 7.10
Ubuntu Linux 8.04

Description:
Ubuntu has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.

Solution:
Apply updated packages.

Original Advisory:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-July/000732.html

Other References:
SA30761:
http://secunia.com/advisories/30761/

SA30911:
http://secunia.com/advisories/30911/

SA30915:
http://secunia.com/advisories/30915/

Lore Cross-Site Scripting Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 25, 2008

Secunia Advisory: SA31217
Release Date: 2008-07-25


Critical: Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: Lore 1.x

Description:
Some vulnerabilities have been reported in Lore, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain unspecified input passed to the "article comments feature" and the "search log" is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in versions prior to 1.7.0.

Solution:
Update to version 1.7.0.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://puresw.com/kb/idx.php/8/025/article/Changelog.html

Live Music Plus "id" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 25, 2008

Secunia Advisory: SA31214
Release Date: 2008-07-25


Critical: Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: Live Music Plus 3.x

Description:
IRAQI has reported a vulnerability in Live Music Plus, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in index.php (when "act" is set to "Singer") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 3.0.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
IRAQI

Original Advisory:
http://milw0rm.com/exploits/6128

BlueCat Networks Adonis DNS Cache Poisoning

In reply to: VULNERABILITIES \ FIXES - July 25, 2008

Secunia Advisory: SA31213
Release Date: 2008-07-25


Critical: Moderately critical
Impact: Spoofing

Where: From remote

Solution Status: Vendor Patch


OS: BlueCat Networks Adonis

Description:
BlueCat Networks has acknowledged a vulnerability in BlueCat Networks Adonis, which can be exploited by malicious people to poison the DNS cache.

The vulnerability is caused due to the product not sufficiently randomising the DNS transaction ID and the source port number, which can be exploited to poison the DNS cache.

Solution:
Reportedly, patches are available via BlueCat Networks Support for the following versions:
* Adonis v4.1.0.43
* Adonis v5.0.X.X
* Adonis v5.1.0.X
* Adonis v5.1.1.X

http://www.bluecatnetworks.com/clientsupport/

Provided and/or discovered by:
Dan Kaminsky, IOActive

Original Advisory:
http://www.kb.cert.org/vuls/id/MIMG-7ECL66

Atom PhotoBlog "photoId" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 25, 2008

Secunia Advisory: SA31205
Release Date: 2008-07-25


Critical: Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: Atom PhotoBlog 1.x

Description:
Mr.SQL has discovered a vulnerability in Atom PhotoBlog, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "photoId" parameter in atomPhotoBlog.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 1.0.9.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Mr.SQL

Original Advisory:
http://milw0rm.com/exploits/6125

Blackboard Academic Suite Cross-Site Request Forgery Vulnera

In reply to: VULNERABILITIES \ FIXES - July 25, 2008

Secunia Advisory: SA31177
Release Date: 2008-07-25


Critical: Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: Blackboard Academic Suite 8.x

Description:
Mark Janssen has reported some vulnerabilities in Blackboard Academic Suite, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The vulnerabilities are caused due to the application allowing users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. enroll users in courses.

Solution:
Do not browse other websites while logged in to the Blackboard Academic Suite.

Provided and/or discovered by:
Mark Janssen

Original Advisory:
http://ceaseless.ws/bb-csrf/

World's biggest ISPs drag feet on critical DNS patch -Update

In reply to: VULNERABILITIES \ FIXES - July 25, 2008

BT, AT&T among those putting subscribers at risk
By Dan Goodin in San Francisco
Published Friday 25th July 2008

Updated More than two weeks after security researchers warned of a critical defect in the net's address lookup system, some of the world's biggest internet service providers - including AT&T, BT, Time Warner and Bell Canada - have yet to install a patch inoculating their subscribers against attacks.

According to an informal survey of Register readers, 15 ISPs failed the "Check my DNS" test (see button to the right) on the website of researcher Dan Kaminsky, who discovered the bug. Now that attack code exploiting the vulnerability has been leaked into the wild, millions of subscribers are at risk of being silently redirected to impostor sites that try to install malware or steal sensitive information. Comcast and Plusnet were the only two ISPs we found that weren't vulnerable.

More: http://www.theregister.co.uk/2008/07/25/isps_slow_to_patch/

DNS bug - observations

In reply to: VULNERABILITIES \ FIXES - July 25, 2008

Published: 2008-07-25,
Last Updated: 2008-07-25 14:12:49 UTC
by Swa Frantzen (Version: 1)

Better get the patches in over the weekend if you still didn't.

Verify any firewall, NAT etc. you use doesn't undo what the patches provide.

If you use DNS servers from your ISP, validate they did patch them, if not use alternate servers such as those of OpenDNS.

http://isc.sans.org/

Web banking security flaws 'widespread'

In reply to: VULNERABILITIES \ FIXES - July 25, 2008

Web banking security flaws 'widespread'

Research by the University of Michigan has found that 75 per cent of online banking sites have at least one design flaw that leaves customers exposed to cyber-crime.

The study, conducted by Professor Atul Prakash from the Department of Electrical Engineering and Computer Science, and doctoral students Laura Falk and Kevin Borders, examined the websites of 214 financial institutions in 2006.

The report found that the design flaws causing the problems were not bugs that can be fixed with a patch.

More: http://www.vnunet.com/vnunet/news/2222561/security-flaws-widespread-web

RealNetworks RealPlayer SWF Frame Handling Buffer Overflow

In reply to: VULNERABILITIES \ FIXES - July 25, 2008

Secunia Advisory: SA27620
Release Date: 2008-07-25


Critical: Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: RealPlayer 10.x

Description:
Secunia Research has discovered a vulnerability in RealPlayer, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a design error within the handling of frames in Shockwave Flash (SWF) files and can be exploited to cause a heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version RealPlayer 10.5. Other versions may also be affected.

Solution:
The vulnerability is fixed in an upcoming release.

Provided and/or discovered by:
Dyon Balding, Secunia Research.

Original Advisory:
Secunia Research:
http://secunia.com/secunia_research/2007-93/

High-priority patch fixes critical vulns in RealPlayer

Available in Windows, Mac and Linux
By Dan Goodin in San Francisco

Published Friday 25th July 2008

RealNetworks has issued an update that patches four security holes in its RealPlayer jukebox program, including a critical flaw that vulnerability tracker Secunia published today.

The company says versions for Windows, Mac, Linux operating systems are all vulnerable to at least one of the flaws and that users should update as soon as possible.

More: http://www.theregister.co.uk/2008/07/25/realplayer_vulns_patched/

Recursive DNS Cache Auditing Resource

In reply to: VULNERABILITIES \ FIXES - July 25, 2008

Published: 2008-07-25,
Last Updated: 2008-07-25 19:45:55 UTC
by Patrick Nolan (Version: 1)

For those with a need, research described in Jose Avila's Recursive DNS Cache Auditing presentation is backed by the ONZRA security research tool CacheAudit v.01, see the Research folder at ONZRA for the CacheAudit download.

"CacheAudit is an open source application for monitoring the cache of a Recursive DNS server. It allows providers to detect and respond quickly to Cache Poisoning events".

http://isc.sans.org/

Apple also in the I of the DNS exploit storm

In reply to: VULNERABILITIES \ FIXES - July 25, 2008

DNS cache poisoning attacks spotted in the wild

In reply to: VULNERABILITIES \ FIXES - July 25, 2008

Date: 07.25.2008

Threat Type: Malicious Web Site / Malicious Code

This is an update to our previous alert on the DNS cache poisoning attacks.

The previously embargoed details of a critical DNS cache poisoning flaw have been correctly deduced, and are now public. In a webinar held just yesterday, Dan Kaminsky, the security researcher who discovered this flaw, confirmed that the vulnerability has been leaked.

More code to exploit this flaw has surfaced since our previous alert on this topic, and attacks have been spotted in the wild.

Major ISPs, including AT&T, Time Warner, and Bell Canada have yet to respond to this threat, leaving millions of subscribers at risk. Microsoft has issued a formal security advisory; Apple, whose Mac OS X servers are susceptible, have yet to issue a statement.

Websense
