Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - July 8, 2008

PHP-Nuke 4ndvddb Module "id" SQL Injection Vulnerability

Secunia Advisory: SA30976
Release Date: 2008-07-08


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: 4ndvddb 0.x

Description:
lovebug has reported a vulnerability in the 4ndvddb module for PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in modules.php (when "name" is set to "4ndvddb" and "rop" to "show_dvd") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 0.91. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
lovebug

Original Advisory:
http://archives.neohapsis.com/archives/bugtraq/2008-07/0049.html

Gentoo update for libpcre and glib

In reply to: VULNERABILITIES \ FIXES - July 8, 2008

Secunia Advisory: SA30972
Release Date: 2008-07-08


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for libpcre and glib. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

Solution:
libpcre users:
Update to "dev-libs/libpcre-7.7-r1" or later.

glib users:
Update to "dev-libs/glib-2.16.3-r1" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200807-03.xml

Other References:
SA30916:
http://secunia.com/advisories/30916/

SA30944:
http://secunia.com/advisories/30944/

Triton CMS Pro "X-Forwarded-For" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 8, 2008

Secunia Advisory: SA30969
Release Date: 2008-07-08


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: Triton CMS Pro 1.x



Description:
__GiReX__ has reported a vulnerability in Triton CMS Pro, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "X-Forwarded-For" header in an HTTP request is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
__GiReX__

Original Advisory:
http://milw0rm.com/exploits/6017

Poppler "pageWidgets" Uninitialized Memory Access

In reply to: VULNERABILITIES \ FIXES - July 8, 2008

Secunia Advisory: SA30963
Release Date: 2008-07-08


Critical:
Highly critical
Impact: DoS
System access

Where: From remote

Solution Status: Unpatched


Software: Poppler 0.x

Description:
A vulnerability has been reported in Poppler, which potentially can be exploited by malicious people to compromise an application using the library.

The vulnerability is caused due to the "Page" constructor leaving the "pageWidgets" object uninitialized under specific circumstances. This can be exploited to potentially trigger a call to an arbitrary address when the object is deleted.

Successful exploitation may allow execution of arbitrary code via a specially crafted PDF file.

The vulnerability is reported in version 0.8.4. Other versions may also be affected.

Solution:
Do not open untrusted PDF files with applications using the library.

Provided and/or discovered by:
Felipe Andres Manzano, reported via oCERT.

Original Advisory:
http://www.ocert.org/advisories/ocert-2008-007.html

Neutrino Atomic Edition Security Bypass Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 8, 2008

Secunia Advisory: SA30950
Release Date: 2008-07-08


Critical:
Highly critical
Impact: Security Bypass
System access

Where: From remote

Solution Status: Unpatched


Software: Neutrino Atomic Edition 0.x

Description:
Ams has reported a vulnerability in Neutrino Atomic Edition, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system.

Input passed to the "p" and "mail" parameters in index.php when "action" is set to "usb" is not properly validated before being used. This can be exploited to e.g. modify and delete the sess.php file and allow creation of new pages containing arbitrary PHP code.

The vulnerability is reported in version 0.8.4. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly validated.

Provided and/or discovered by:
Ams

Changelog:
http://milw0rm.com/exploits/6018

webXell Editor File Upload Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 8, 2008

Secunia Advisory: SA30948
Release Date: 2008-07-08


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: webXell Editor 0.x



Description:
CWH Underground has discovered a vulnerability in webXell, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to the upload_pictures.php script failing to validate the extensions of uploaded files. This can be exploited to upload files with arbitrary extensions (e.g. ".php") and execute arbitrary PHP code on the server.

The vulnerability is confirmed in version 0.1.3. Other versions may also be affected.

Solution:
Implement whitelisting based on file extensions in uploaded files.

Provided and/or discovered by:
CWH Underground

Original Advisory:
http://milw0rm.com/exploits/6015
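
Added example (not part of the advisory and not webXell's code): one way to apply the extension whitelisting recommended above, in PHP 8. The function names, the allowed list and the sample file names are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: the editor only needs to accept these image types.
const ALLOWED_IMAGE_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];

/**
 * Map a client-supplied file name to a server-generated one, or return null
 * if its final extension is not on the whitelist. The original base name is
 * discarded, so an inner ".php" in a name such as "page.php.jpg" never
 * reaches the disk.
 */
function safe_upload_name(string $clientName): ?string
{
    // Drop any directory part, including Windows-style separators.
    $base = basename(str_replace('\\', '/', $clientName));
    $ext  = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if ($ext === '' || !in_array($ext, ALLOWED_IMAGE_EXTENSIONS, true)) {
        return null;
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

/**
 * Store one entry of $_FILES under $destDir. Returns the stored path, or
 * null when the upload failed or the extension was rejected.
 */
function store_upload(array $file, string $destDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $name = safe_upload_name((string) ($file['name'] ?? ''));
    if ($name === null) {
        return null;
    }
    $target = rtrim($destDir, '/') . '/' . $name;
    // move_uploaded_file() refuses paths that did not come from an HTTP upload.
    return move_uploaded_file($file['tmp_name'], $target) ? $target : null;
}

// Constructed sample names, checked from the command line.
foreach (['photo.JPG', 'page.php', 'page.php.jpg', 'page.php.', 'noext'] as $n) {
    printf("%-14s => %s\n", $n, safe_upload_name($n) ?? 'REJECTED');
}
```

Serving the upload directory with script execution disabled is a useful second layer, since an extension check alone says nothing about the file's contents.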

Joomla Brightcode Weblinks Component "catid" SQL Injection

In reply to: VULNERABILITIES \ FIXES - July 8, 2008

Secunia Advisory: SA30922
Release Date: 2008-07-08


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: Brightcode Weblinks (component for Joomla)

Description:
His0k4 has reported a vulnerability in the Brightcode Weblinks component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "catid" parameter in the Joomla! installation's index.php script (when "option" is set to "com_brightweblinks") is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
His0k4

Original Advisory:
http://milw0rm.com/exploits/5993
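
Added example (not part of the advisories and not code from any of the affected projects): the three SQL injection reports in this thread (the PHP-Nuke "id" parameter, the Triton CMS Pro "X-Forwarded-For" header and the Joomla "catid" parameter) share one fix pattern, shown here in PHP 8 with PDO. The table names, function names and sample values are assumptions constructed for illustration; the demo needs the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

/** Accept only a positive integer for numeric parameters such as "id" or "catid". */
function parse_id(mixed $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** X-Forwarded-For is client-controlled: keep the first entry only if it is a valid IP. */
function forwarded_ip(?string $header): ?string
{
    if ($header === null) {
        return null;
    }
    $first = trim(explode(',', $header)[0]);
    $ip = filter_var($first, FILTER_VALIDATE_IP);
    return $ip === false ? null : $ip;
}

function show_item(PDO $db, mixed $rawId): ?array
{
    $id = parse_id($rawId);
    if ($id === null) {
        return null; // reject instead of trying to clean the value up
    }
    // The value is bound, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT id, title FROM items WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function log_visit(PDO $db, ?string $xff, string $remoteAddr): string
{
    $ip = forwarded_ip($xff) ?? $remoteAddr; // fall back to the socket address
    $stmt = $db->prepare('INSERT INTO visits (ip) VALUES (:ip)');
    $stmt->execute([':ip' => $ip]);
    return $ip;
}

// Constructed schema and inputs for a stand-alone run.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec('CREATE TABLE visits (ip TEXT NOT NULL)');
$db->exec("INSERT INTO items (id, title) VALUES (1, 'first'), (2, 'second')");

var_dump(show_item($db, '2'));                                  // row with id 2
var_dump(show_item($db, "2'x"));                                // NULL: not an integer
var_dump(log_visit($db, '203.0.113.7, 10.0.0.1', '192.0.2.1')); // "203.0.113.7"
var_dump(log_visit($db, "not-an-ip'", '192.0.2.1'));            // "192.0.2.1"
```

Even a syntactically valid X-Forwarded-For value can be forged, so it should be used for logging only and never for access decisions unless it was set by a proxy you control.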

Joomla Unauthorized Access Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 8, 2008

Secunia Advisory: SA30974
Release Date: 2008-07-08


Critical:
Moderately critical
Impact: Security Bypass
Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch


Software: Joomla! 1.x

Description:
Some vulnerabilities have been reported in Joomla!, which can be exploited by malicious people to bypass certain security restrictions and disclose potentially sensitive information.

1) An unspecified error in LDAP can be exploited to gain unauthorized access to the administration section.

2) An unspecified error within file caching can be exploited to gain unauthorized access to cached pages.

NOTE: A fix regarding User Redirect Spam and a security enhancement to the .htaccess file has also been reported.

The vulnerabilities are reported in versions prior to 1.5.4.

Solution:
Update to version 1.5.4.
http://joomlacode.org/gf/project/joom...ReleaseBrowse&frs_package_id=3786

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.joomla.org/content/view/5180/1/

libpoppler Uninitialized Pointer

In reply to: VULNERABILITIES \ FIXES - July 8, 2008

Microsoft hopes third time is lucky with XP SP3 update

In reply to: VULNERABILITIES \ FIXES - July 8, 2008

Sets server release dates despite MIA SQL server
By Kelly Fiveash
Published Tuesday 8th July 2008

Microsoft yesterday got out its big red felt pen and marked a few release dates on the calendar.

Small Business Server 2008 and Windows Essential Business Server 2008 will both land in November this year. Meanwhile, Windows XP service pack three (SP3) will finally be pushed out "shortly".

The software giant has been forced to delay the automatic web release of XP SP3 twice, so presumably it will be hoping the third time's the charm with the service pack's auto-release.

More: http://www.theregister.co.uk/2008/07/08/microsoft_xp_sp3_smb_server/

MS issues eleventh hour Snapshot bug workaround

In reply to: VULNERABILITIES \ FIXES - July 8, 2008

Rush to fix serious ActiveX flaw
By John Leyden
Published Tuesday 8th July 2008

Microsoft has taken the unusual step of issuing a workaround for a new security bug involving Microsoft Office a day before its regular Patch Tuesday update.

Hacking attacks targeting a vulnerability in the Snapshot Viewer ActiveX control for Microsoft Access prompted Redmond's security gnomes to issue an advisory on Monday. The flaw affects the Snapshot Viewer in Microsoft Office Access 2000, 2002 and 2003. Snapshot Viewer displays summaries of Microsoft Office Access reports without requiring Access itself to be run.

Redmond said the flaw has become the focus of targeted attacks. Attack scenarios involve tricking users into visiting sites containing rogue ActiveX controls designed to exploit the vulnerability. If successful the approach would allow hackers to obtain the same rights as logged-on users to compromised machines.

More: http://www.theregister.co.uk/2008/07/08/ms_snapshot_bug_workaround/

Yet another critical ActiveX exploit

In reply to: VULNERABILITIES \ FIXES - July 8, 2008

8 July 2008

Just before Microsoft's monthly Patch Tuesday, Microsoft has published a warning about targeted attacks that exploit a security flaw in an ActiveX control for Access database snapshots. Apparently, a buffer overflow can be exploited so that arbitrary code is executed with the user's rights. Users who have one of the affected versions of Access need only open a web site in Internet Explorer to be under attack. In light of the hundreds of thousands of compromised web sites, this danger should not be taken lightly. The versions of the Snapshot Viewer installed with Microsoft Office Access 2000, Microsoft Office Access 2002 and Microsoft Office Access 2003 are vulnerable; the current Access 2007 was not mentioned in the list.

Microsoft recommends setting the kill bit for the ActiveX control. Web sites then cannot have Internet Explorer launch the vulnerable object, though local use is not affected. To do so, you will, however, have to make a change directly in the registry. Otherwise, you can also disable ActiveScripting - VBScript and JavaScript - for the internet zone or require a prompt before it is enabled. The heise Security UK browsercheck describes the details of Internet Explorer's internet zones and how they can be changed.

More: http://www.heise-online.co.uk/security/Yet-another-critical-ActiveX-exploit--/news/111067

Microsoft SQL Server and MSDE Multiple Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 8, 2008

Secunia Advisory: SA30970
Release Date: 2008-07-08


Critical:
Less critical
Impact: Exposure of sensitive information
Privilege escalation

Where: From local network

Solution Status: Vendor Patch


OS: Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008



Software: Microsoft Data Engine (MSDE) 1.0
Microsoft SQL Server 2000
Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition
Microsoft SQL Server 7

Description:
Four vulnerabilities have been reported in Microsoft SQL Server, which can be exploited by malicious users to gain escalated privileges.

Solution:
Apply patches.

Provided and/or discovered by:
1) The vendor credits an anonymous person.
2) The vendor credits an anonymous person.
3) The vendor credits Brett Moore, Insomnia Security via iDefense.
4) The vendor credits an anonymous person.

Original Advisory:
MS08-040 (KB941203):
http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx

Microsoft Windows Explorer Saved Search Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 8, 2008

Secunia Advisory: SA30953
Release Date: 2008-07-08


Critical:
Moderately critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Microsoft Windows Server 2008
Microsoft Windows Vista

Description:
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in Windows Explorer during the parsing of saved-search (.search-ms) files when saving them. This can be exploited to execute arbitrary code by tricking a user into opening and saving a specially crafted saved-search file.

Solution:
Apply patches.

Windows Vista (optionally with SP1):
http://www.microsoft.com/downloads/de...=06739ca6-7368-4acb-bb67-7e8146071a29

Windows Vista x64 Edition (optionally with SP1):
http://www.microsoft.com/downloads/de...=74ea0893-7c2f-4fad-ad27-588ad953b046

Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/de...=189a4170-b495-4904-9cbd-209e7494d303

Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/de...=85d8701d-f8c7-4079-8a21-a3a9d5ba71ce

Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/de...=b30ee4f0-850f-4ff3-86a4-663603a0a802

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
MS08-038 (KB950582):
http://www.microsoft.com/technet/security/Bulletin/MS08-038.mspx

Microsoft Outlook Web Access Script Insertion Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 8, 2008

Secunia Advisory: SA30964
Release Date: 2008-07-08


Critical:
Moderately critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: Microsoft Exchange Server 2003
Microsoft Exchange Server 2007

Description:
Two vulnerabilities have been reported in Microsoft Outlook Web Access for Exchange Server, which can be exploited by malicious people to conduct script insertion attacks.

Solution:
Apply patches.

Microsoft Exchange Server 2003 SP2:
http://www.microsoft.com/downloads/de...=E099C1D1-5AF6-4D6C-B735-9599412B3131

Microsoft Exchange Server 2007:
http://www.microsoft.com/downloads/de...=086A2A13-A1DE-4B1D-BD12-B148BFD2DAFA

Microsoft Exchange Server 2007 SP1:
http://www.microsoft.com/downloads/de...=63E7F26C-92A8-4264-882D-F96B348C96AB

Provided and/or discovered by:
The vendor credits Michael Jordan, Context Information Security.

Original Advisory:
MS08-039 (KB953747):
http://www.microsoft.com/technet/security/Bulletin/MS08-039.mspx

Microsoft Windows DNS Spoofing Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 8, 2008

Secunia Advisory: SA30925
Release Date: 2008-07-08


Critical:
Moderately critical
Impact: Spoofing

Where: From remote

Solution Status: Vendor Patch


OS: Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

Description:
Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to poison the DNS cache.

Solution:
Apply patches.

Provided and/or discovered by:
1) The vendor credits Dan Kaminsky, IOActive.
2) Reported by the vendor.

Original Advisory:
MS08-037 (KB953230):
http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx

DNS Implementations Vulnerable to Cache Poisoning

In reply to: VULNERABILITIES \ FIXES - July 8, 2008

added July 8, 2008 at 03:37 pm

US-CERT is aware of deficiencies in the DNS protocol. Implementations of this protocol may leave the affected system vulnerable to DNS cache poisoning attacks. If an attacker can successfully conduct a cache poisoning attack, they may be able to cause a nameserver's clients to contact the incorrect, and possibly malicious, hosts for particular services. This may allow an attacker to obtain sensitive information or mislead users into believing they are visiting a legitimate website.

US-CERT encourages users to review "VU#800113 - Multiple DNS implementations vulnerable to cache poisoning" and apply any necessary solutions listed in that document to help mitigate the risks.

US-CERT will provide additional information as it becomes available.

http://www.us-cert.gov/current/current_activity.html#dns_implementations_vulnerable_to_cache
