Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - July 27, 2007

by Marianna Schmudlach / July 27, 2007 1:13 AM PDT

IBM AIX ftp Utility "gets()" Function Multiple Local Buffer Overflow Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-2675
CVE ID : CVE-2007-4004
Rated as : Moderate Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-07-27
Technical Description

Multiple vulnerabilities have been identified in IBM AIX, which could be exploited by malicious users to obtain elevated privileges. These issues are caused by buffer overflow errors in the "ftp" utility when processing user-supplied parameters via a "gets()" function, which could be exploited by local attackers to execute arbitrary code with elevated privileges.

Affected Products

IBM AIX 5.2
IBM AIX 5.3

Solution

Apply interim fix :
ftp://aix.software.ibm.com/aix/efixes/security/ftpgets_ifix.tar.Z

IBM AIX 5.2.0 - Apply APAR IZ01812 (available approx. 10/31/2007)
IBM AIX 5.3.0 - Apply APAR IZ01813 (available approx. 11/27/2007)

References

http://www.frsirt.com/english/advisories/2007/2675
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=571

Credits

Vulnerabilities reported by iDefense Labs.
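The ftp issue in this post comes from gets(), which reads a line with no length bound. The C below is an added example, not IBM's ftp code and not from the FrSIRT or iDefense advisories: it shows the bounded replacement pattern a maintainer would use, an fgets()-based reader that rejects over-long parameters instead of overflowing the buffer. PARAM_MAX, read_param, the demo helper and the sample inputs are assumptions for this example.

```c
/* Added example, not IBM's ftp code: reading a user-supplied parameter into
 * a fixed-size buffer without the gets() defect. gets() takes no length, so
 * a line longer than the buffer overwrites adjacent memory; fgets() with the
 * buffer size plus an explicit over-length check is the standard replacement. */
#define _POSIX_C_SOURCE 200809L  /* for fmemopen() used by the demo helper */
#include <stdio.h>
#include <string.h>

#define PARAM_MAX 64  /* assumed parameter limit for this example */

enum read_status { READ_OK = 0, READ_EOF = 1, READ_TOO_LONG = 2 };

/* Read one line from fp into buf (capacity bufsz) and strip the newline.
 * A line that does not fit is discarded up to its newline, buf is left empty
 * so no caller can act on a truncated value, and READ_TOO_LONG is returned. */
enum read_status read_param(FILE *fp, char *buf, size_t bufsz)
{
    if (bufsz < 2 || fgets(buf, (int)bufsz, fp) == NULL) {
        if (bufsz > 0)
            buf[0] = '\0';
        return READ_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return READ_OK;
    }
    /* No newline in buf: the line ended at EOF, filled the buffer exactly
     * (next char is '\n'), or is longer than the buffer. */
    int c = fgetc(fp);
    if (c == EOF || c == '\n')
        return READ_OK;
    while (c != '\n' && c != EOF)  /* drain so the next read starts clean */
        c = fgetc(fp);
    buf[0] = '\0';
    return READ_TOO_LONG;
}

/* Demo helper: run read_param over a constructed in-memory input string. */
enum read_status read_param_from_string(const char *input, char *out, size_t outsz)
{
    FILE *fp = fmemopen((void *)input, strlen(input), "r");
    if (fp == NULL) {
        if (outsz > 0)
            out[0] = '\0';
        return READ_EOF;
    }
    enum read_status st = read_param(fp, out, outsz);
    fclose(fp);
    return st;
}

int main(void)
{
    char buf[PARAM_MAX];
    char longline[200];  /* constructed: 198 'A's, far beyond PARAM_MAX */
    memset(longline, 'A', sizeof longline - 2);
    longline[sizeof longline - 2] = '\n';
    longline[sizeof longline - 1] = '\0';

    printf("short: status=%d value=\"%s\"\n",
           read_param_from_string("get file.txt\n", buf, sizeof buf), buf);
    printf("long:  status=%d value=\"%s\"\n",
           read_param_from_string(longline, buf, sizeof buf), buf);
    return 0;
}
```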

by Marianna Schmudlach / July 27, 2007 1:14 AM PDT

IBM AIX "capture" Terminal Control Sequence Local Buffer Overflow Vulnerability

Advisory ID : FrSIRT/ADV-2007-2676
CVE ID : CVE-2007-3333
Rated as : Moderate Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-07-27
Technical Description

A vulnerability has been identified in IBM AIX, which could be exploited by malicious users to obtain elevated privileges. This issue is caused by a buffer overflow error in the "capture" utility when parsing terminal control sequences, which could be exploited by local attackers to execute arbitrary code with elevated privileges.

Affected Products

IBM AIX 5.2
IBM AIX 5.3

Solution

Apply interim fix :
ftp://aix.software.ibm.com/aix/efixes/security/capture_ifix.tar.Z

IBM AIX 5.2.0 - Apply APAR IZ01134 (available approx. 10/31/2007)
IBM AIX 5.3.0 - Apply APAR IZ01135 (available approx. 11/27/2007)

References

http://www.frsirt.com/english/advisories/2007/2676
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=570

Credits

Vulnerability reported by iDefense Labs.

by Marianna Schmudlach / July 27, 2007 1:15 AM PDT

IBM AIX "pioout" Utility Arbitrary Library Loading Privilege Escalation Vulnerability

Advisory ID : FrSIRT/ADV-2007-2677
CVE ID : CVE-2007-4003
Rated as : Moderate Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-07-27
Technical Description

A vulnerability has been identified in IBM AIX, which could be exploited by malicious users to obtain elevated privileges. This issue is caused by an error in the "pioout" utility that loads shared libraries without dropping privileges, which could be exploited by local attackers to load a malicious library and execute arbitrary code with elevated privileges.

Affected Products

IBM AIX 5.2
IBM AIX 5.3

Solution

Apply interim fix :
ftp://aix.software.ibm.com/aix/efixes/security/pioout_ifix.tar.Z

IBM AIX 5.2.0 - Apply APAR IZ01121 (available approx. 10/31/2007)
IBM AIX 5.3.0 - Apply APAR IZ01122 (available approx. 08/08/2007)

References

http://www.frsirt.com/english/advisories/2007/2677
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=569

Credits

Vulnerability reported by iDefense Labs.

by Marianna Schmudlach / July 27, 2007 1:16 AM PDT

IBM AIX Multiple Utility Buffer Overflow and Insecure Permissions Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-2678
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-07-27
Technical Description

Multiple vulnerabilities have been identified in IBM AIX, which could be exploited by local attackers to obtain elevated privileges.

The first issue is caused by a buffer overflow error in the "lpd" utility when processing malformed arguments, which could be exploited by malicious users to execute arbitrary commands with elevated privileges.

The second vulnerability is caused by insecure permissions being set on the "pioinit" script, which could be exploited by malicious users in the "bin" group to execute arbitrary commands with elevated privileges.

The third issue is caused by a buffer overflow error in the "arp" utility when processing malformed arguments, which could be exploited by malicious users to execute arbitrary commands with elevated privileges.

Affected Products

IBM AIX 5.2
IBM AIX 5.3

Solution

Apply interim fixes :
ftp://aix.software.ibm.com/aix/efixes/security/lpd_ifix.tar.Z
ftp://aix.software.ibm.com/aix/efixes/security/pioinit_ifix.tar.Z
ftp://aix.software.ibm.com/aix/efixes/security/atm_ifix.tar.Z

IBM AIX 5.2.0 - Apply APAR IY98560, IY79785 and IZ00521 (available approx. 10/31/2007)
IBM AIX 5.3.0 - Apply APAR IY98339, IY79786 and IZ00510 (available approx. 08/08/2007)

References

http://www.frsirt.com/english/advisories/2007/2678

Credits

Vulnerabilities reported by the vendor.

by Marianna Schmudlach / July 27, 2007 1:17 AM PDT

Yahoo! Widgets YDP ActiveX Control Remote Command Execution Vulnerability

Advisory ID : FrSIRT/ADV-2007-2679
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-07-27
Technical Description

A vulnerability has been identified in Yahoo! Widgets, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system. This issue is caused by a buffer overflow error in the "YDPCTL.YDPControl.1" (YDPCTL.dll) ActiveX control when processing malformed arguments passed to the "GetComponentVersion()" method, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.

Affected Products

Yahoo! Widgets versions prior to 4.0.5

Solution

Upgrade to Yahoo! Widgets version 4.0.5 :
http://widgets.yahoo.com/download

References

http://www.frsirt.com/english/advisories/2007/2679
http://help.yahoo.com/l/us/yahoo/widgets/security/security-08.html

Credits

Vulnerability reported by Parvez Anwar via Secunia.

by Marianna Schmudlach / July 27, 2007 1:18 AM PDT

Nessus Vulnerability Scanner ActiveX Control Remote File Deletion Vulnerability

Advisory ID : FrSIRT/ADV-2007-2680
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-07-27
Technical Description

A vulnerability has been identified in Nessus Vulnerability Scanner, which could be exploited by remote attackers to delete arbitrary files or cause a denial of service. This issue is caused by an error in the "deleteReport()" method within the "SCANCTRL.ScanCtrlCtrl.1" (scan.dll) ActiveX control, which could be exploited by attackers to delete arbitrary files on a vulnerable system by tricking a user into visiting a malicious web page.

Affected Products

Nessus Vulnerability Scanner version 3.0.6 and prior

Solution

Set a kill bit for the CLSID {A47D5315-321D-4DEE-9DB3-18438023193B}.

The FrSIRT is not aware of any officially supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/2680

Credits

Vulnerability reported by Krystian Kloskowski.

by Marianna Schmudlach / July 27, 2007 1:37 AM PDT

Slackware Security Update Fixes Libexif Image Handling Code Execution Issue

Advisory ID : FrSIRT/ADV-2007-2669
CVE ID : CVE-2006-4168
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-07-27
Technical Description

A vulnerability has been identified in Slackware, which could be exploited by attackers to cause a denial of service or execute arbitrary code. This issue is caused by an error in Libexif. For additional information, see : FrSIRT/ADV-2007-2165

Affected Products

Slackware 10.2
Slackware 11.0

Solution

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/libexif-0.6.16-i486-1_slack10.2.tgz

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/libexif-0.6.16-i486-1_slack11.0.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libexif-0.6.16-i486-1.tgz

References

http://www.frsirt.com/english/advisories/2007/2669
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.389747

by Marianna Schmudlach / July 27, 2007 1:38 AM PDT

Slackware Security Update Fixes GD Multiple Code Execution Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-2670
CVE ID : CVE-2007-3472 - CVE-2007-3473 - CVE-2007-3474 - CVE-2007-3475 - CVE-2007-3476 - CVE-2007-3477 - CVE-2007-3478
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-07-27
Technical Description

Multiple vulnerabilities have been identified in Slackware, which could be exploited by attackers to cause a denial of service or execute arbitrary code. These issues are caused by errors in GD. For additional information, see : FrSIRT/ADV-2007-2336

Affected Products

Slackware 11.0

Solution

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/gd-2.0.35-i486-1.tgz

References

http://www.frsirt.com/english/advisories/2007/2670
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.347423

by Marianna Schmudlach / July 27, 2007 1:39 AM PDT

Slackware Security Update Fixes Mozilla Firefox Code Execution Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-2671
CVE ID : CVE-2007-3089 - CVE-2007-3285 - CVE-2007-3656 - CVE-2007-3734 - CVE-2007-3735 - CVE-2007-3736 - CVE-2007-3737 - CVE-2007-3738
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-07-27
Technical Description

Multiple vulnerabilities have been identified in Slackware, which could be exploited by attackers to execute arbitrary commands or scripting code. These issues are caused by errors in Mozilla Firefox. For additional information, see : FrSIRT/ADV-2007-2564

Affected Products

Slackware 11.0
Slackware 12.0

Solution

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/mozilla-firefox-2.0.0.5/mozilla-firefox-2.0.0.5-i686-1.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/mozilla-firefox-2.0.0.5-i686-1.tgz

References

http://www.frsirt.com/english/advisories/2007/2671
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.378219

by Marianna Schmudlach / July 27, 2007 1:40 AM PDT

Slackware Security Update Fixes Thunderbird Code Execution Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-2672
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-07-27
Technical Description

Multiple vulnerabilities have been identified in Slackware, which could be exploited by attackers to execute arbitrary commands or scripting code. These issues are caused by errors in Mozilla Thunderbird. For additional information, see : FrSIRT/ADV-2007-1994 - FrSIRT/ADV-2007-2565

Affected Products

Slackware 11.0
Slackware 12.0

Solution

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-2.0.0.4-i686-1.tgz

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/mozilla-thunderbird-2.0.0.5-i686-1.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/mozilla-thunderbird-2.0.0.5-i686-1.tgz

References

http://www.frsirt.com/english/advisories/2007/2672
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.339692
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.371349

by Marianna Schmudlach / July 27, 2007 1:42 AM PDT

Slackware Security Update Fixes Seamonkey Code Execution Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-2673
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-07-27
Technical Description

Multiple vulnerabilities have been identified in Slackware, which could be exploited by attackers to execute arbitrary commands or scripting code. These issues are caused by errors in Mozilla Seamonkey. For additional information, see : FrSIRT/ADV-2007-2565

Affected Products

Slackware 11.0
Slackware 12.0

Solution

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/seamonkey-1.1.3-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/seamonkey-1.1.3-i486-1_slack12.0.tgz

References

http://www.frsirt.com/english/advisories/2007/2673
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.383257

by Marianna Schmudlach / July 27, 2007 1:43 AM PDT

Slackware Security Update Fixes Bind Cache Poisoning and Security Bypass

Advisory ID : FrSIRT/ADV-2007-2674
CVE ID : CVE-2007-2925 - CVE-2007-2926
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-07-27
Technical Description

Two vulnerabilities have been identified in Slackware, which could be exploited by attackers to bypass security restrictions. These issues are caused by errors in Bind. For additional information, see : FrSIRT/ADV-2007-2627 - FrSIRT/ADV-2007-2628

Affected Products

Slackware 8.1
Slackware 9.0
Slackware 9.1
Slackware 10.0
Slackware 10.1
Slackware 10.2
Slackware 11.0
Slackware 12.0

Solution

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/bind-9.2.8_P1-i386-1_slack8.1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/bind-9.2.8_P1-i386-1_slack9.0.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/bind-9.2.8_P1-i486-1_slack9.1.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/bind-9.2.8_P1-i486-1_slack10.0.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/bind-9.3.4_P1-i486-1_slack10.1.tgz

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/bind-9.3.4_P1-i486-1_slack10.2.tgz

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/bind-9.3.4_P1-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/bind-9.4.1_P1-i486-1_slack12.0.tgz

References

http://www.frsirt.com/english/advisories/2007/2674
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.521385

by Marianna Schmudlach / July 27, 2007 7:21 AM PDT

TITLE:
UltraDefrag "FindFiles()" Buffer Overflow

SECUNIA ADVISORY ID:
SA26233

VERIFY ADVISORY:
http://secunia.com/advisories/26233/

CRITICAL:
Less critical

IMPACT:
DoS, System access

WHERE:
From remote

SOFTWARE:
UltraDefrag 1.x
http://secunia.com/product/15003/

DESCRIPTION:
A vulnerability has been reported in UltraDefrag, which can
potentially be exploited by malicious people to compromise a user's
system.

The vulnerability is caused due to a boundary error within the
"FindFiles()" function. This can be exploited to cause a heap-based
buffer overflow by placing a file with a specially crafted, overly
long pathname on the user's machine.

The vulnerability is reported in version 1.0.3. Prior versions may
also be affected.

SOLUTION:
Update to version 1.0.4.
http://sourceforge.net/project/showfiles.php?group_id=199532&package_id=236738&release_id=527964

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://sourceforge.net/project/shownotes.php?group_id=199532&release_id=527964

by Marianna Schmudlach / July 27, 2007 7:25 AM PDT

TITLE:
Novell Client NWSPOOL.DLL Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA26238

VERIFY ADVISORY:
http://secunia.com/advisories/26238/

CRITICAL:
Moderately critical

IMPACT:
Unknown

WHERE:
From local network

SOFTWARE:
Novell Client for Windows NT/2000/XP 4.x
http://secunia.com/product/1516/

DESCRIPTION:
Novell has acknowledged a vulnerability in Novell Client, which has
unknown impact.

The vulnerability is caused due to an unspecified buffer overflow
within the NWSPOOL.DLL file. No further information is currently
available.

The vulnerability is reported in Novell Client v4.91 SP4 for Windows
2000/XP/2003.

SOLUTION:
Apply patch.
http://download.novell.com/Download?buildid=35u0-_z6wT8~

PROVIDED AND/OR DISCOVERED BY:
The vendor credits TippingPoint Technologies.

ORIGINAL ADVISORY:
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005400.html

by Marianna Schmudlach / July 27, 2007 10:55 AM PDT

TITLE:
Linux Kernel RTA_MAX Security Issue and Seed Refeed Weakness

SECUNIA ADVISORY ID:
SA26244

VERIFY ADVISORY:
http://secunia.com/advisories/26244/

CRITICAL:
Less critical

IMPACT:
Brute force, DoS

WHERE:
From remote

OPERATING SYSTEM:
Linux Kernel 2.4.x
http://secunia.com/product/763/

DESCRIPTION:
A security issue and a weakness have been reported in the Linux
Kernel, which potentially can be exploited by malicious people to
cause a DoS (Denial of Service) or bypass certain security
restrictions.

1) A boundary error due to the use of RTA_MAX instead of RTN_MAX in
dn_fib_props[] within dn_fib.c and in fib_props[] within
fib_semantics.c can potentially be exploited to cause a DoS.

2) The "xfer_secondary_pool()" function in drivers/char/random.c uses
the wrong data to refeed seeds into the random number generator. This
may weaken the security of applications relying on the random number
generator.

Note: This also fixes a problem introduced by a previous smbfs
security patch.

SOLUTION:
Update to version 2.4.35.

PROVIDED AND/OR DISCOVERED BY:
1) PaX Team
2) Thomas Graf

ORIGINAL ADVISORY:
http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35
