Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - July 3, 2008

Opera for Windows Unspecified Code Execution

Secunia Advisory: SA30937
Release Date: 2008-07-03


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


Software: Opera 5.x
Opera 6.x
Opera 7.x
Opera 8.x
Opera 9.x

Description:
A vulnerability has been reported in Opera, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an unspecified error, which can be exploited to execute arbitrary code. No further information is currently available.

The vulnerability is reported in versions prior to 9.51.

Solution:
Update to version 9.51.
http://www.opera.com/download/

Provided and/or discovered by:
The vendor credits Billy Rios.

Original Advisory:
Opera:
http://www.opera.com/docs/changelogs/windows/951/

Discussion is locked
You are posting a reply to: VULNERABILITIES \ FIXES - July 3, 2008
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VULNERABILITIES \ FIXES - July 3, 2008
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Drupal Outline Designer Security Bypass

In reply to: VULNERABILITIES \ FIXES - July 3, 2008

Secunia Advisory: SA30936
Release Date: 2008-07-03


Critical:
Less critical
Impact: Security Bypass

Where: From remote

Solution Status: Vendor Patch


Software: Drupal Outline Designer Module 5.x

Description:
A vulnerability has been reported in the Outline Designer module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.

The vulnerability is caused due to an error within the module, which can be exploited e.g. by a user to become authenticated as the author of a viewed content item.

The vulnerability is reported in versions prior to 5.x-1.4.

Solution:
Update to version 5.x-1.4.
http://drupal.org/node/277851

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
SA-2008-043:
http://drupal.org/node/277883

Collapse -
Opera Canvas Functions Information Disclosure

In reply to: VULNERABILITIES \ FIXES - July 3, 2008

Secunia Advisory: SA30935
Release Date: 2008-07-03


Critical:
Less critical
Impact: Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch


Software: Opera 5.x
Opera 6.x
Opera 7.x
Opera 8.x
Opera 9.x

Description:
A vulnerability has been reported in Opera, which can be exploited by malicious people to potentially disclose sensitive information.

The vulnerability is caused due to an error when handling certain canvas functions and can be exploited to read random memory.

The vulnerability is reported in versions prior to 9.51.

Update to version 9.51.
http://www.opera.com/download/

Provided and/or discovered by:
The vendor credits Philip Taylor.

Original Advisory:
http://www.opera.com/support/search/view/887/

Collapse -
Drupal Tinytax taxonomy block Script Insertion Vulnerabiliti

In reply to: VULNERABILITIES \ FIXES - July 3, 2008

Secunia Advisory: SA30934
Release Date: 2008-07-03


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: Drupal Tinytax taxonomy block Module 5.x

Description:
Some vulnerabilities have been reported in the Tinytax taxonomy block module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

Certain unspecified input when creating taxonomy terms is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when a malicious page is viewed.

Successful exploitation requires permission to create taxonomy terms.

The vulnerabilities are reported in versions prior to 5.x-1.10-1.

Solution:
Update to version 5.x-1.10-1.
http://drupal.org/node/277682

Provided and/or discovered by:
The vendor credits Simon Rycroft (module maintainer).

Original Advisory:
SA-2008-042:
http://drupal.org/node/277879

Collapse -
Drupal Taxonomy Autotagger SQL Injection and Script Insertio

In reply to: VULNERABILITIES \ FIXES - July 3, 2008

Secunia Advisory: SA30933
Release Date: 2008-07-03


Critical:
Less critical
Impact: Cross Site Scripting
Manipulation of data

Where: From remote

Solution Status: Vendor Patch


Software: Drupal Taxonomy Autotagger Module 5.x


Description:
Some vulnerabilities have been reported in the Taxonomy Autotagger module for Drupal, which can be exploited by malicious users to conduct SQL injection and script insertion attacks.

1) Certain unspecified input when creating or editing posts is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when a malicious page is viewed.

2) Certain unspecified input passed when creating or editing posts is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation of the vulnerabilities require permission to create or edit posts.

The vulnerabilities are reported in versions prior to 5.x-1.8.

Solution:
Update to version 5.x-1.8.
http://drupal.org/node/277684

Provided and/or discovered by:
The vendor credits:
1) Heine Deelstra of the Drupal security team
2) John Morahan

Original Advisory:
SA-2008-041:
http://drupal.org/node/277877

Collapse -
rPath update for tshark and wireshark

In reply to: VULNERABILITIES \ FIXES - July 3, 2008

Secunia Advisory: SA30932
Release Date: 2008-07-03


Critical:
Moderately critical
Impact: Exposure of sensitive information
DoS

Where: From remote

Solution Status: Vendor Patch


OS: rPath Linux 1.x

Description:
rPath has issued an update for tshark and wireshark. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).

Solution:
Update to:
"tshark=conary.rpath.com@rpl:1/1.0.1-0.1-1"
"wireshark=conary.rpath.com@rpl:1/1.0.1-0.1-1"

Original Advisory:
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212

Other References:
SA30886:
http://secunia.com/advisories/30886/

Collapse -
Red Hat update for rhpki-common

In reply to: VULNERABILITIES \ FIXES - July 3, 2008

Secunia Advisory: SA30929
Release Date: 2008-07-03


Critical:
Moderately critical
Impact: Security Bypass

Where: From remote

Solution Status: Vendor Patch


Software: Red Hat Certificate System 7.x



Description:
Red Hat has issued an update for rhpki-common. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused due to an error in the handling of Extensions in certificate signing requests (CSR) where all requested Extensions are added to the issued certificate. This can be exploited to bypass certain security policies, e.g. submit a CSR for a subordinate CA certificate although prohibited in the CA configuration.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
https://rhn.redhat.com/errata/RHSA-2008-0500.html

Collapse -
Drupal Organic groups Information Disclosure and Script Inse

In reply to: VULNERABILITIES \ FIXES - July 3, 2008

Secunia Advisory: SA30928
Release Date: 2008-07-03


Critical:
Less critical
Impact: Cross Site Scripting
Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch


Software: Drupal Organic groups Module 5.x
Drupal Organic groups Module 6.x

Description:
Some vulnerabilities have been reported in the Organic groups module for Drupal, which can be exploited by malicious users to disclose potentially sensitive information or conduct script insertion attacks.

1) Certain unspecified input when starting a discussion in a group is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site.

Successful exploitation requires that a user is e.g. tricked into joining a malicious group and starting a discussion.

2) It is possible to view the title of private groups when OG Access module is enabled and the site uses the private groups feature.

The vulnerabilities are reported in versions prior to 5.x-7.3 and 6.x-1.0-RC1.

Solution:
Update to the fixed versions.

5.x-7.3:
http://drupal.org/node/277854

6.x-1.0-RC1:
http://drupal.org/node/277869

Provided and/or discovered by:
The vendor credits:
1) fago
2) John Forsythe

Original Advisory:
SA-2008-040:
http://drupal.org/node/277873

Collapse -
Fedora update for ruby

In reply to: VULNERABILITIES \ FIXES - July 3, 2008

Secunia Advisory: SA30927
Release Date: 2008-07-03


Critical:
Less critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 9

Description:
Fedora has issued an update for ruby. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply updated packages via the yum utility ("yum update ruby").

Original Advisory:
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00112.html

Other References:
SA30924:
http://secunia.com/advisories/30924/

Collapse -
FreeStyle Wiki Cross-Site Scripting Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 3, 2008

Secunia Advisory: SA30923
Release Date: 2008-07-03


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: FreeStyle Wiki 3.x

Description:
A vulnerability has been reported in FreeStyle Wiki, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain input is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in version 3.6.2 and prior, and version 3.6.3 dev3 and prior.

Solution:
Apply patch (see vendor's advisory for details).

Provided and/or discovered by:
Reported via JVN.

Original Advisory:
JVN#77432756:
http://jvn.jp/jp/JVN77432756/index.html

FreeStyleWiki:
http://fswiki.org/wiki.pl?page=%CD%FA%CE%F2%2F2008%2D7%2D3

Collapse -
XchangeBoard "boardID" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 3, 2008

Secunia Advisory: SA30919
Release Date: 2008-07-03


Critical:
Less critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: XchangeBoard 1.x

Description:
haZl0oh has discovered a vulnerability in XchangeBoard, which can be exploited by malicious users to conduct SQL injection attacks.

Input passed to the "boardID" parameter in newThread.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieval of administrator usernames and password hashes, but requires valid user credentials.

The vulnerability is confirmed in version 1.70 and 1.75 Beta. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
haZl0oh

Original Advisory:
http://milw0rm.com/exploits/5991

Collapse -
Fedora update for openldap

In reply to: VULNERABILITIES \ FIXES - July 3, 2008

Secunia Advisory: SA30917
Release Date: 2008-07-03


Critical:
Less critical
Impact: DoS

Where: From local network

Solution Status: Vendor Patch


OS: Fedora 8
Fedora 9

Description:
Fedora has issued an update for openldap. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

For more information:
SA30853

Solution:
Apply updated packages via the yum utility ("yum update openldap").

Original Advisory:
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00109.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00129.html

Other References:
SA30853:
http://secunia.com/advisories/30853/

Collapse -
Fedora update for squid

In reply to: VULNERABILITIES \ FIXES - July 3, 2008

Secunia Advisory: SA30914
Release Date: 2008-07-03


Critical:
Less critical
Impact: DoS

Where: From local network

Solution Status: Vendor Patch


OS: Fedora 9

Description:
Fedora has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply updated packages via the yum utility ("yum update squid").

Original Advisory:
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00122.html

Other References:
SA12791:
http://secunia.com/advisories/12791/

Collapse -
Fedora update for linuxdcpp

In reply to: VULNERABILITIES \ FIXES - July 3, 2008

Secunia Advisory: SA30907
Release Date: 2008-07-03


Critical:
Not critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 8
Fedora 9

Description:
Fedora has issued an update for linuxdccp. This fixes two weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply updated packages via the yum utility ("yum update linuxdccp").

Original Advisory:
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00116.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00101.html

Other References:
SA30918:
http://secunia.com/advisories/30918/

Collapse -
Red Hat update for seamonkey

In reply to: VULNERABILITIES \ FIXES - July 3, 2008

Secunia Advisory: SA30878
Release Date: 2008-07-03


Critical:
Highly critical
Impact: System access
DoS
Exposure of sensitive information
Spoofing
Cross Site Scripting
Security Bypass

Where: From remote

Solution Status: Vendor Patch


OS: RedHat Enterprise Linux AS 2.1
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 4
RedHat Linux Advanced Workstation 2.1 for Itanium

Description:
Red Hat has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
http://rhn.redhat.com/errata/RHSA-2008-0547.html

Other References:
SA29860:
http://secunia.com/advisories/29860/

Collapse -
VLC Media Player chokes on music files

In reply to: VULNERABILITIES \ FIXES - July 3, 2008

Specially crafted WAV files can trigger a buffer overflow on the heap in VLC Media Player. This could be exploited by attackers to inject and execute code, prompting Secunia, which discovered the vulnerability, to class it as highly critical. The Windows version of VLC Media Player 0.8.6h and possibly earlier versions are affected. Version 0.8.6i is reported to fix the bug. Although the changelog for this version is already available, the download page is still offering the vulnerable version 0.8.6h.

http://www.heise-online.co.uk/security/VLC-Media-Player-chokes-on-music-files--/news/111044

Collapse -
Citibank ATM network hacked

In reply to: VULNERABILITIES \ FIXES - July 3, 2008

The on-line edition of the New York Times reports that unknown persons have gained access to Citibank's internal ATM network and captured PIN data, using the network connections of Citibank ATMs installed in the US 7-Eleven retail chain. The thieves are said to have got the PINs by attacking the remote terminals that validate the PINs input at ATMs, thus bagging several million dollars. The number of Citibank clients affected is unknown.

More: http://www.heise-online.co.uk/security/Citibank-ATM-network-hacked--/news/111045

Collapse -
New Opera v9.51 fixes couple of security issues

In reply to: VULNERABILITIES \ FIXES - July 3, 2008

Published: 2008-07-03,
Last Updated: 2008-07-03 11:38:29 UTC
by Bojan Zdrnja

A new version of Opera (v9.51) has been released. It fixes couple of security vulnerabilities and some stability issues. One of the fixed issues includes arbitrary code execution but the exploit has not been published yet.

In any case, if you are an Opera user, download the latest version from http://www.opera.com/download/

http://isc.sans.org/

Collapse -
IE8 to feature cross-site scripting shield

In reply to: VULNERABILITIES \ FIXES - July 3, 2008

03 July 2008
By Gregg Keizer, Computerworld (US)

Microsoft has outlined new security features it will add to Internet Explorer (IE) next month, including anti-malware protection to block most cross-site scripting attacks.

Internet Explorer 8 Beta 2, which Microsoft has slated for release sometime in August, will include two new security tools, said Austin Wilson, the director of Windows client product management.
One, dubbed "SmartScreen Filter" by Microsoft, adds malware blocking to the anti-phishing protection already embedded in IE7. The new feature, which will resemble the defences already used by rival browsers Firefox 3.0 and Opera 9.5, will warn users when they're about to visit a site known or suspected of spreading malicious code and then block any download from that site.

More: http://www.techworld.com/security/news/index.cfm?RSS&NewsID=102075

Collapse -
Avoiding SQL injection attacks

In reply to: VULNERABILITIES \ FIXES - July 3, 2008

3 July 2008

One of the reasons the web is so popular with attackers today is that innocent sites can be compromised and used to infect large numbers of victims. As I have commented previously [1], web sites/servers have proved to be fairly soft targets - something attackers have taken full advantage of. It is easy to think that the only victim of these attacks is the user, who gets exposed to malicious code when browsing compromised sites. However, there are two victims - in addition to the user, the owner/administrator of the site also suffers.

This is particularly apparent with the recent SQL injection attacks [2,3], in which back end databases are ?peppered? with malicious code (in this case script tags). Clean up can be fairly painful, and there are numerous cases of folks cleaning up their database only to be hit again a few hours later. The best solution is prevention, to avoid being hit in the first place.

This blog post is intended to summarize a few tips that site owners/administrators/developers can follow in order to minimize their chance of being hit. Much of the information is already publicly available, (for example within or linked from the recent Microsoft advisory [4]).

More: http://www.sophos.com/security/blog/2008/07/1545.html

Collapse -
Microsoft Releases Advanced Notification for July Security B

In reply to: VULNERABILITIES \ FIXES - July 3, 2008

July 3, 2008

Microsoft has issued a Security Bulletin Advance Notification indicating that its July release cycle will contain four bulletins which all will have a severity rating of Important. The notification states that these Important bulletins are for Microsoft Windows, Microsoft SQL Server, and Microsoft Exchange Server. Release of these bulletins is scheduled for Tuesday, July 8.

US-CERT will provide additional information as it becomes available.

http://www.us-cert.gov/current/current_activity.html#microsoft_releases_advanced_notification_for

Collapse -
Google open sources RatProxy security tool

In reply to: VULNERABILITIES \ FIXES - July 3, 2008

Web sniffer made available to all

Written by Shaun Nichols in San Francisco

vnunet.com, 03 Jul 2008

Google has released the source code for its internal RatProxy security tool.

The software analyses web pages for potential security risks and reports back to the site administrator.

RatProxy can pick up cross-site scripting flaws and incomplete cross-site defence mechanisms, as well as potential data leak sources and risky code that retrieves data from outside domains.

Google hopes that developers will put the tool to use when coding new web-based services that rely on multiple sites and outside sources for data.

More: http://www.vnunet.com/vnunet/news/2220583/google-releases-web-app

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

REVIEW

Sublime suburban chariot

High on style and technology, the 2019 Volvo XC90 is an incredibly satisfying everyday crossover.