Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - July 29, 2008

AVG Anti-Virus UPX Processing Denial of Service

Secunia Advisory: SA31290
Release Date: 2008-07-29


Critical:
Moderately critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


Software: AVG Anti-Virus 8.x

Description:
Sergio "shadown" Alvarez has reported a vulnerability in AVG Anti-Virus, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a divide-by-zero error when processing UPX compressed executables. This can be exploited to cause the scanning engine to crash when scanning a specially crafted UPX compressed executable file.

The vulnerability affects versions prior to 8.0.156.

Solution:
Update to version 8.0.156 or later.

Provided and/or discovered by:
Sergio "shadown" Alvarez

Original Advisory:
AVG:
http://www.grisoft.com/ww.94247

n.runs AG:
http://www.nruns.com/advisories/%5Bn....g%20Divide%20by%20Zero%20Advisory.txt

Slackware update for vim

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Secunia Advisory: SA31289
Release Date: 2008-07-29


Critical:
Moderately critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Slackware Linux 11.0

Description:
Slackware has issued an update for vim. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.

Solution:
Apply updated packages.

Original Advisory:
http://slackware.com/security/viewer....=2008&m=slackware-security.440309

Other References:
SA30731:
http://secunia.com/advisories/30731/

Slackware update for openssl

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Secunia Advisory: SA31288
Release Date: 2008-07-29


Critical:
Moderately critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


OS: Slackware Linux 11.0

Description:
Slackware has issued an update for openssl. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply updated packages.

Original Advisory:
http://slackware.com/security/viewer....=2008&m=slackware-security.562004

Other References:
SA30405:
http://secunia.com/advisories/30405/

Slackware update for fetchmail

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Secunia Advisory: SA31287
Release Date: 2008-07-29


Critical:
Less critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


OS: Slackware Linux 10.0
Slackware Linux 11.0
Slackware Linux 8.x
Slackware Linux 9.0
Slackware Linux 9.1

Description:
Slackware has issued an update for fetchmail. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply updated packages.


Original Advisory:
http://slackware.com/security/viewer....=2008&m=slackware-security.495740

Other References:
SA30742:
http://secunia.com/advisories/30742/

Slackware update for mozilla-thunderbird

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Secunia Advisory: SA31286
Release Date: 2008-07-29


Critical:
Highly critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Slackware Linux 11.0

Description:
Slackware has issued an update for mozilla-thunderbird. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.

Solution:
Apply updated packages.

Original Advisory:
http://slackware.com/security/viewer....=2008&m=slackware-security.410484

Other References:
SA30915:
http://secunia.com/advisories/30915/

European Performance Systems Probe Builder Arbitrary Process

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Secunia Advisory: SA31282
Release Date: 2008-07-29


Critical:
Less critical
Impact: DoS

Where: From local network

Solution Status: Vendor Patch


Software: European Performance Systems Probe Builder 2.x

Description:
A vulnerability has been reported in European Performance Systems Probe Builder, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an insecure method within the Probe Builder Service (PBOVISServer.exe). This can be exploited to terminate any process via a certain opcode sent to default port 32968/TCP.

Successful exploitation requires knowledge of the process ID to terminate.

The vulnerability affects versions prior to vA.02.20.901.

Solution:
Update to version vA.02.20.901.
http://www.eps.eu.com/download/patches/pbpatch01.zip

Provided and/or discovered by:
Discovered by an anonymous researcher and reported via iDefense Labs.

Original Advisory:
HPSBMA02353 SSRT080066:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01511225

iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=728

HP OpenView Internet Service Probe Builder Arbitrary Process

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Secunia Advisory: SA31278
Release Date: 2008-07-29


Critical:
Less critical
Impact: DoS

Where: From local network

Solution Status: Vendor Patch


Software: HP OpenView Internet Service (OVIS) 6.x

Description:
A vulnerability has been reported in HP OpenView Internet Service, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Update to Probe Builder version vA.02.20.901.
http://www.eps.eu.com/download/patches/pbpatch01.zip

Provided and/or discovered by:
Discovered by an anonymous researcher and reported via iDefense Labs.

Original Advisory:
HPSBMA02353 SSRT080066:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01511225

iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=728

Other References:
http://secunia.com/advisories/31282/

Trend Micro OfficeScan Web-Deployment ObjRemoveCtrl Class Bu

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Secunia Advisory: SA31277
Release Date: 2008-07-29


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: Trend Micro OfficeScan Corporate Edition 7.x

Description:
Elazar Broad has discovered some vulnerabilities in Trend Micro OfficeScan, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to boundary errors in the OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class ActiveX control (OfficeScanRemoveCtrl.dll) on an OfficeScan client when attempting to display a list of configuration settings. These can be exploited to cause stack-based buffer overflows by passing overly long properties when a user e.g. visits a malicious web site.

Successful exploitation allows execution of arbitrary code, but requires that OfficeScan client was installed using web deployment.

The vulnerabilities are confirmed in version 7.3 build 1343(Patch 4). Other versions may also be affected.

Solution:
Set the kill-bit for the affected ActiveX control.

Provided and/or discovered by:
Elazar Broad

Original Advisory:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063524.html

ViArt Shop "category_id" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Secunia Advisory: SA31275
Release Date: 2008-07-29


Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch


Software: ViArt Shop 3.x

Description:
James Bercegay has reported a vulnerability in ViArt Shop, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "category_id" parameter in products_rss.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieval of administrator usernames and passwords.

The vulnerability is reported in version 3.5. Other versions may also be affected.

Solution:
Apply the vendor's official patch:
http://www.viart.com/another_critical...ion_security_fix_for_version_3_5.html

Provided and/or discovered by:
James Bercegay, GulfTech Security Research Team

Original Advisory:
http://www.gulftech.org/?node=research&article_id=00118-07292008

ATutor "type" File Inclusion Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Secunia Advisory: SA31274
Release Date: 2008-07-29


Critical:
Less critical
Impact: Exposure of system information
Exposure of sensitive information
System access

Where: From remote

Solution Status: Unpatched


Software: ATutor 1.x

Description:
R3d.W0rm has discovered a vulnerability in ATutor, which can be exploited by malicious users to disclose sensitive information and compromise a vulnerable system.

Input passed to the "type" parameter in tools/packages/import.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

Successful exploitation requires valid administrator credentials.

The vulnerability is confirmed in version 1.6.1-pl1. Other versions may also be affected.

Solution:
Grant administrator access to trusted users only.

Provided and/or discovered by:
IRCRASH (R3d.W0rm)

Original Advisory:
http://milw0rm.com/exploits/6153

Web Wiz Rich Text Editor "email" Cross-Site Scripting

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Secunia Advisory: SA31272
Release Date: 2008-07-29


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: Web Wiz Rich Text Editor 4.x

Description:
CSDT has discovered a vulnerability in Web Wiz Rich Text Editor, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "email" parameter in RTE_popup_link.asp is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 4.02. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
CSDT

Original Advisory:
http://archives.neohapsis.com/archives/bugtraq/2008-07/0254.html

Ubuntu update for firefox and xulrunner

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Secunia Advisory: SA31270
Release Date: 2008-07-29


Critical:
Highly critical
Impact: Security Bypass
Spoofing
DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Ubuntu Linux 8.04

Description:
Ubuntu has issued an update for firefox and xulrunner. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, potentially conduct spoofing attacks, or compromise a user's system.

Solution:
Apply updated packages.

Original Advisory:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-July/000735.html

Other References:
SA30761:
http://secunia.com/advisories/30761/

SA31106:
http://secunia.com/advisories/31106/

Ubuntu update for ffmpeg

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Secunia Advisory: SA31268
Release Date: 2008-07-29


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Ubuntu Linux 7.10
Ubuntu Linux 8.04

Description:
Ubuntu has issued an update for ffmpeg. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.

Original Advisory:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-July/000733.html

Other References:
SA30994:
http://secunia.com/advisories/30994/

Ubuntu update for poppler

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Secunia Advisory: SA31267
Release Date: 2008-07-29


Critical:
Highly critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Ubuntu Linux 7.10
Ubuntu Linux 8.04

Description:
Ubuntu has issued an update for poppler. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise an application using the library.

Solution:
Apply updated packages.

Original Advisory:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-July/000734.html

Other References:
SA30963:
http://secunia.com/advisories/30963/

Owl Intranet Engine "username" Cross-Site Scripting

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Secunia Advisory: SA31264
Release Date: 2008-07-29


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: Owl Intranet Engine 0.x

Description:
Fabian Fingerle has discovered a vulnerability in Owl Intranet Engine, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "username" parameter in register.php (when "myaction" is set to "getpasswd") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation requires that "Enable Self Register" is enabled in Site Features.

The vulnerability is confirmed in version 0.95. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Fabian Fingerle

Original Advisory:
http://www.datensalat.eu/~fabian/cve/CVE-2008-3100-Owl.html

phpMyAdmin Cross-Site Scripting and Spoofing

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Secunia Advisory: SA31263
Release Date: 2008-07-29


Critical:
Not critical
Impact: Cross Site Scripting
Spoofing

Where: From remote

Solution Status: Vendor Patch


Software: phpMyAdmin 2.x

Description:
Aung Khant has reported two vulnerabilities in phpMyAdmin, which can be exploited by malicious local users to conduct cross-site scripting attacks, and by malicious people to conduct spoofing attacks.

Solution:
Update to version 2.11.8 or later.

Provided and/or discovered by:
Aung Khant, YGN Ethical Hacker Group

Original Advisory:
PMASA-2008-6:
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6

Aung Khant:
http://yehg.net/lab/pr0js/advisories/Cross-Site_Framing_inphpMyAdmin2.11.7.pdf
http://yehg.net/lab/pr0js/advisories/XSS_inPhpMyAdmin2.11.7.pdf

rPath update for fetchmail

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Secunia Advisory: SA31262
Release Date: 2008-07-29


Critical:
Less critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


OS: rPath Linux 1.x

Description:
rPath has issued an update for fetchmail. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Update to:
fetchmail=conary.rpath.com@rpl:1/6.3.8-0.4-1

Original Advisory:
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0235

Other References:
SA30742:
http://secunia.com/advisories/30742/

rPath update for firefox

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Secunia Advisory: SA31261
Release Date: 2008-07-29


Critical:
Highly critical
Impact: Security Bypass
Exposure of sensitive information
System access

Where: From remote

Solution Status: Vendor Patch


OS: rPath Linux 1.x

Description:
rPath has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a vulnerable system.

Solution:
Update to:
firefox=conary.rpath.com@rpl:1/2.0.0.16-0.1-1

Original Advisory:
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238

Other References:
SA30761:
http://secunia.com/advisories/30761/

SA31120:
http://secunia.com/advisories/31120/

Gregarius "rsargs[]" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Secunia Advisory: SA31260
Release Date: 2008-07-29


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Vendor Workaround


Software: Gregarius 0.x



Description:
James Bercegay has discovered a vulnerability in Gregarius, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "rsargs[]" parameter in ajax.php is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 0.5.4. Other versions may also be affected.

Solution:
Fixed in the SVN repository.
http://svn.gregarius.net/trac/changeset/1788/trunk/gregarius/ajax.php

Provided and/or discovered by:
James Bercegay, GulfTech Security Research Team

Original Advisory:
http://www.gulftech.org/?node=research&article_id=00119-07302008

rPath update for tshark and wireshark

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Secunia Advisory: SA31257
Release Date: 2008-07-29


Critical:
Moderately critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


OS: rPath Linux 1.x

Description:
rPath has issued an update for tshark and wireshark. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Update to:
tshark=conary.rpath.com@rpl:1/1.0.2-0.1-1
wireshark=conary.rpath.com@rpl:1/1.0.2-0.1-1

Original Advisory:
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0237

Other References:
SA31044:
http://secunia.com/advisories/31044/

Jamroom Authentication Bypass and Multiple Unspecified Vulne

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Secunia Advisory: SA31249
Release Date: 2008-07-29


Critical:
Moderately critical
Impact: Unknown
Security Bypass

Where: From remote

Solution Status: Vendor Patch


Software: Jamroom 3.x

Description:
Some vulnerabilities have been reported in Jamroom, one of which can be exploited by malicious people to bypass certain security restrictions, while others have unknown impacts.

Solution:
Update to version 3.4.0.

Provided and/or discovered by:
James Bercegay, GulfTech Security Research Team.

Original Advisory:
Jamroom:
http://www.jamroom.net/phpBB2/viewtopic.php?t=24454

GulfTech Security Research Team:
http://www.gulftech.org/?node=research&article_id=00117-07282008

VMware ESX Server update for Samba and vmnix

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Secunia Advisory: SA31246
Release Date: 2008-07-29


Critical:
Highly critical
Impact: Exposure of sensitive information
Privilege escalation
DoS
System access

Where: From remote

Solution Status: Partial Fix


OS: VMware ESX Server 2.x
VMware ESX Server 3.x

Description:
VMware has issued an update for VMware ESX Server. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, to cause a DoS (Denial of Service), or to gain escalated privileges, and malicious people to compromise a vulnerable system.

Solution:
Apply patches.

Original Advisory:
http://lists.vmware.com/pipermail/security-announce/2008/000023.html

Other References:
SA23436:
http://secunia.com/advisories/23436/

SA27908:
http://secunia.com/advisories/27908/

SA30108:
http://secunia.com/advisories/30108/

SA30228:
http://secunia.com/advisories/30228/

Pixelpost "language_full" Local File Inclusion

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Secunia Advisory: SA31239
Release Date: 2008-07-29


Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch


Software: Pixelpost 1.x

Description:
Digital Security Research Group has reported a vulnerability in Pixelpost, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "language_full" parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability reportedly affects version 1.7.1 on Windows.

Solution:
Apply patch.
http://www.pixelpost.org/releases/pp_v1.7.1_securitypatch01.zip

Provided and/or discovered by:
Digital Security Research Group

Original Advisory:
Pixelpost:
http://www.pixelpost.org/blog/2008/07/27/pixelpost-171-security-patch/

Digital Security Research Group:
http://www.milw0rm.com/exploits/6150

Cerberus CMS "cerberus_user" Cookie Script Insertion Vulnera

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Secunia Advisory: SA31218
Release Date: 2008-07-29


Critical:
Moderately critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: Cerberus CMS 3.x



Description:
A vulnerability has been reported in Cerberus CMS, which can be exploited by malicious people to conduct script insertion attacks.

Input passed via the "cerberus_user" cookie is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the log files are viewed.

The vulnerability has been confirmed in version 3_1.3_0.9. Prior versions may also be affected.

Solution:
Update to version 3_1.4_0.9.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://gl2logic.com/cerberus/cerberus.php?app=Old_News&SHOWID=7

EMC Centera Universal Access SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Secunia Advisory: SA31215
Release Date: 2008-07-29


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Vendor Patch


Software: EMC Centera Universal Access 4.x

Description:
Lars Heidelberg and Aaron Brown have reported a vulnerability in EMC Centera Universal Access, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the user name to the CUA web interface when logging in is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows bypassing authentication and logging in as an arbitrary user.

The vulnerability is reported in version CUA4.0_4735.p4. Other versions may also be affected.

Solution:
The vendor has released CUA 4.0.1 Patch 1, which fixes the vulnerability (available via EMC Powerlink).
http://powerlink.emc.com/

Provided and/or discovered by:
Lars Heidelberg and Aaron Brown, adMERITia GmbH

Original Advisory:
http://archives.neohapsis.com/archives/fulldisclosure/2008-07/0403.html

ibase "filename" File Disclosure Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Secunia Advisory: SA31210
Release Date: 2008-07-29


Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: ibase 2.x

Description:
Dyshoo has reported a vulnerability in ibase, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "filename" parameter in zubehoer/download.php is not properly sanitised before being used. This can be exploited to download arbitrary files via directory traversal attacks.

The vulnerability is reported in version 2.03. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Dyshoo

Original Advisory:
http://milw0rm.com/exploits/6126

Security update for AVG virus scanner

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

AVG Technologies' virus scanner contains a DoS vulnerability that allows attackers to crash the scanner. The crash is caused by division by zero when processing UPX-packed files. The vendor has released update 8.0.156, which fixes the problem.

Also in this version, the Search-Shield components do not scan web sites for malicious content until the user clicks on the link on the search page. Previously, the link scanner pre-scanned all of the sites found by a Google search, for instance - the entire list shown on a search results page. This change is in response to massive criticism by network administrators that the link scanner would use too much bandwidth for its website analysis.

http://www.heise-online.co.uk/security/Security-update-for-AVG-virus-scanner--/news/111201

Security researcher publishes exploit toolkit

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

An Argentinian security researcher has published a security exploit toolkit targeting the update mechanisms of Java, Mac OS X, OpenOffice.org and other software, and relying on man-in-the-middle techniques such as those made possible by the recently disclosed DNS security hole.

The toolkit, ISR-Evilgrade 1.0, was released by Francisco Amato, a researcher with Infobyte Security Research. The initial version includes modules targeting Java, WinZip, WinAmp, Mac OS X, OpenOffice.org, iTunes, LinkedIn Toolbar, the download accelerator DAP, Notepad++ and Speedbit. Amato says in the toolkit's Readme file that each module supplied with the toolkit implements structures emulating a false update of a specific application or operating system.

More: http://www.heise-online.co.uk/security/Security-researcher-publishes-exploit-toolkit--/news/111203

Oracle Releases Security Advisory for WebLogic Plug-in Vulne

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

added July 29, 2008 at 07:52 am

Oracle has released a Security Advisory to address a vulnerability in the WebLogic plug-in for Apache. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to compromise the confidentiality or integrity of WebLogic Server applications or cause a denial-of-service condition. The advisory indicates that exploit code for this vulnerability is publicly available.

US-CERT encourages users to review the Oracle Security Advisory and implement the workarounds listed in the document to help mitigate the risks. At this time, a patch or update is not available.

US-CERT will provide additional information as it becomes available.

http://www.us-cert.gov/current/current_activity.html#oracle_releases_security_advisory_for

Browser plug-ins flaws help hackers build botnets

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Cybercrooks get faster, further and sneakier

By John Leyden
Published Tuesday 29th July 2008

Cybercrooks are becoming faster at utilising newly-discovered browser exploits. More than nine in ten of all browser-related exploits occurred within 24 hours of an official vulnerability disclosure, according to a survey by IBM's X-Force security division.

The cyber-threat survey, which looked closely at information security events that happened during the first half of 2008, also revealed that attacks targeting flaws in browser plug-ins are increasing in prevalence. In the first half of 2008, around 78 percent of web browser exploits targeted browser plug-in bugs.

More: http://www.theregister.co.uk/2008/07/29/x_force_threat_report/

Apple skewered over missing DNS patch

In reply to: VULNERABILITIES \ FIXES - July 29, 2008

Users in a BIND

By John Leyden
Published Tuesday 29th July 2008

Apple has come under fire for failing to patch the critical Domain Name System (DNS) flaw which prompted a (rest of) industry wide response earlier this month.

For anyone just back from a trip up the Amazon, the discovery of a domain spoofing vulnerability by security researcher Dan Kaminsky sparked a massive patching effort that began on 8 July. Dozens of vendors - including Microsoft, Cisco, Ubuntu and the Internet Systems Consortium, which maintains BIND - released updates that mitigated against the risk of cache poisoning attacks, which stem from security shortcomings in the protocol itself rather than coding errors.

More: http://www.theregister.co.uk/2008/07/29/apple_dns_patch_mia/
