Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - July 3, 2007

by Marianna Schmudlach / July 3, 2007 2:42 AM PDT

GNU C Library (glibc) "process_envvars()" Function Local Integer Overflow Vulnerability

Advisory ID : FrSIRT/ADV-2007-2418
CVE ID : CVE-2007-3508
Rated as : Moderate Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-07-03

Technical Description

A vulnerability has been identified in GNU C Library (glibc), which could be exploited by malicious users to obtain elevated privileges. This issue is caused by an integer overflow error in the "process_envvars()" [elf/rtld.c] function when processing a specially crafted "LD_HWCAP_MASK" (mask for hardware capabilities) environment variable, which could be exploited by local attackers to execute arbitrary code with elevated privileges via a setuid application linked against an affected library.

Affected Products

GNU C Library (glibc) version 2.6 and prior

Solution

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/2418

Credits

Vulnerability reported by Tavis Ormandy.

BlackBerry Enterprise Server Decompression Algorithm Buffer
by Marianna Schmudlach / July 3, 2007 2:43 AM PDT

BlackBerry Enterprise Server Decompression Algorithm Buffer Overflow Vulnerability

Advisory ID : FrSIRT/ADV-2007-2419
CVE ID : GENERIC-MAP-NOMATCH
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-07-03

Technical Description

A vulnerability has been identified in BlackBerry Enterprise Server, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system. This issue is caused by a buffer overflow error within the decompression algorithm when processing malformed data, which could be exploited by attackers to crash an affected application or execute arbitrary code via a specially crafted packet.

Affected Products

BlackBerry Enterprise Server for Domino 4.x
BlackBerry Enterprise Server for Domino 2.x
BlackBerry Enterprise Server for Exchange 4.x
BlackBerry Enterprise Server for Exchange 3.x
BlackBerry Enterprise Server for GroupWise 4.x

Solution

Apply patches :
http://www.blackberry.com/support/downloads/index.shtml

References

http://www.frsirt.com/english/advisories/2007/2419
http://www.blackberry.com/btsc/articles/669/KB04075_f.SAL_Public.html

Credits

Vulnerability reported by Imad Lahoud (EADS Corporate Research Center IT Security Lab).

Flac-tools flac123 "local__vcentry_parse_value()" Function B
by Marianna Schmudlach / July 3, 2007 2:45 AM PDT

Flac-tools flac123 "local__vcentry_parse_value()" Function Buffer Overflow Vulnerability

Advisory ID : FrSIRT/ADV-2007-2420
CVE ID : CVE-2007-3507
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-07-03

Technical Description

A vulnerability has been identified in Flac-tools flac123, which could be exploited by remote attackers to cause a denial of service or execute arbitrary code. This issue is caused by a buffer overflow error in the "local__vcentry_parse_value()" [vorbiscomment.c] function when parsing vorbis comments, which could be exploited by attackers to compromise a vulnerable system by tricking a user into playing a specially crafted audio file.

Affected Products

Flac-tools (flac123) version 0.0.9 and prior

Solution

Upgrade to Flac-tools (flac123) version 0.0.10 :
http://sourceforge.net/projects/flac-tools/

References

http://www.frsirt.com/english/advisories/2007/2420
http://sourceforge.net/project/shownotes.php?release_id=519253&group_id=41907
http://www.isecpartners.com/advisories/2007-002-flactools.txt

Credits

Vulnerability reported by David Thiel (iSEC Partners).

GIMP PSD Plugin "seek_to_and_unpack_pixeldata()" Integer Ove
by Marianna Schmudlach / July 3, 2007 2:46 AM PDT

GIMP PSD Plugin "seek_to_and_unpack_pixeldata()" Integer Overflow Vulnerability

Advisory ID : FrSIRT/ADV-2007-2421
CVE ID : CVE-2007-2949
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-07-03

Technical Description

A vulnerability has been identified in GIMP, which could be exploited by attackers to execute arbitrary code. This issue is caused by an integer overflow error in the "seek_to_and_unpack_pixeldata()" [plug-ins/common/psd.c] function when processing overly large width or height values read from a PSD file, which could be exploited by attackers to compromise an affected system by convincing a user to open a specially crafted file.

Affected Products

GIMP version 2.2.15 and prior

Solution

A fix is available via SVN :
http://svn.gnome.org/viewcvs/gimp?view=revision&revision=22798

References

http://www.frsirt.com/english/advisories/2007/2421
http://secunia.com/secunia_research/2007-63/advisory

Credits

Vulnerability reported by Stefan Cornelius (Secunia Research).

Fedora Security Update Fixes Ekg Client Multiple Denial of S
by Marianna Schmudlach / July 3, 2007 2:49 AM PDT

Fedora Security Update Fixes Ekg Client Multiple Denial of Service Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-2414
CVE ID : CVE-2007-1663 - CVE-2007-1664 - CVE-2007-1665
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-07-03

Technical Description

Multiple vulnerabilities have been identified in Fedora, which could be exploited by attackers to cause a denial of service. These issues are caused by errors in the token OCR and image message functionalities within EKG, which could be exploited by attackers to crash an affected application.

Affected Products

Fedora 7

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/2414
https://www.redhat.com/archives/fedora-package-announce/2007-July/msg00010.html

Gentoo Security Update Fixes OpenOffice RTF Parser Heap Over
by Marianna Schmudlach / July 3, 2007 2:50 AM PDT

Gentoo Security Update Fixes OpenOffice RTF Parser Heap Overflow Vulnerability

Advisory ID : FrSIRT/ADV-2007-2415
CVE ID : CVE-2007-0245 - CVE-2007-2754
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-07-03

Technical Description

A vulnerability has been identified in SuSE, which could be exploited by attackers to execute arbitrary code. This issue is caused by an error in OpenOffice.org. For additional information, see : FrSIRT/ADV-2007-2166

Affected Products

app-office/openoffice versions prior to 2.2.1
app-office/openoffice-bin versions prior to 2.2.1

Solution

Upgrade the affected packages :
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/openoffice-2.2.1"
# emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.2.1"

References

http://www.frsirt.com/english/advisories/2007/2415
http://www.gentoo.org/security/en/glsa/glsa-200707-02.xml

Gentoo Security Update Fixes Evolution-data-server Code Exec
by Marianna Schmudlach / July 3, 2007 2:52 AM PDT

Gentoo Security Update Fixes Evolution-data-server Code Execution Vulnerability

Advisory ID : FrSIRT/ADV-2007-2416
CVE ID : CVE-2007-3257
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-07-03

Technical Description

A vulnerability has been identified in Gentoo, which could be exploited by attackers to execute arbitrary code. This issue is caused by an error in evolution-data-server. For additional information, see : FrSIRT/ADV-2007-2282

Affected Products

gnome-extra/evolution-data-server versions prior to 1.8.3-r5

Solution

Upgrade the affected packages :
# emerge --sync
# emerge --ask --oneshot --verbose "gnome-extra/evolution-data-server"

References

http://www.frsirt.com/english/advisories/2007/2416
http://www.gentoo.org/security/en/glsa/glsa-200707-03.xml

HP Instant Support Driver Check sdd.dll Buffer Overflow
by Marianna Schmudlach / July 3, 2007 8:17 AM PDT

TITLE:
HP Instant Support Driver Check sdd.dll Buffer Overflow

SECUNIA ADVISORY ID:
SA25918

VERIFY ADVISORY:
http://secunia.com/advisories/25918/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
HP Instant Support - Driver Check 1.x
http://secunia.com/product/14696/

DESCRIPTION:
A vulnerability has been reported in HP Instant Support Driver Check,
which can be exploited by malicious people to compromise a vulnerable
system.

The vulnerability is caused due to a boundary error when processing
the "queryHub()" function in sdd.dll. This can be exploited to cause
a buffer overflow via an overly long string passed to the affected
function when a user visits a malicious web page.

Successful exploitation allows execution of arbitrary code.

The vulnerability is reported in versions prior to 1.5.0.3.

SOLUTION:
Update to version 1.5.0.3.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits John Heasman of NGSSoftware and Carlo Di Dato
a.k.a. shinnai.

ORIGINAL ADVISORY:
HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01077597

Shinnai:
http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Exploits&argument=Remote&topic=1183360239.ff.php&page=last

HP TCP/IP Services for OpenVMS Two Security Issues
by Marianna Schmudlach / July 3, 2007 8:18 AM PDT

TITLE:
HP TCP/IP Services for OpenVMS Two Security Issues

SECUNIA ADVISORY ID:
SA25882

VERIFY ADVISORY:
http://secunia.com/advisories/25882/

CRITICAL:
Less critical

IMPACT:
Brute force, Exposure of sensitive information

WHERE:
From local network

SOFTWARE:
HP TCP/IP Services for OpenVMS 5.x
http://secunia.com/product/2949/

DESCRIPTION:
Two security issues have been reported in HP TCP/IP Services for
OpenVMS, which can be exploited by malicious people to disclose
sensitive information or to conduct brute force attacks.

1) The security issue is caused due to the POP server returning
different responses depending on whether or not a valid user name is
supplied and can be exploited to enumerate valid POP user names.

2) The problem is that the TCP/IP Services POP3 mail mechanism is not
utilising the intrusion detection of OpenVMS properly. This can be
exploited to conduct brute force attacks.

The security issues are reported in TCP/IP Services 5.6. Other
versions may also be affected.

SOLUTION:
Grant only trusted people network access to the POP service.

PROVIDED AND/OR DISCOVERED BY:
JF Mezei

ORIGINAL ADVISORY:
http://groups.google.com/group/comp.os.vms/browse_thread/thread/a5f68773805f862d/8a42e91fe1e9cd36
