Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - July 9, 2008

Unpatched Word Vulnerability

Published: 2008-07-09
Last Updated: 2008-07-09 02:20:40 UTC
by Johannes Ullrich

What a busy day! Microsoft just released an advisory with details about a new vulnerability in Word, which is currently being exploited in targeted attacks.

Earlier today, we found a mention of such a vulnerability in an advisory published by Symantec. Symantec published this advisory based on a sample our handler Maarten sent to our malware distribution list. The file in question was actually part of a bundle of files he sent. As far as we know, this is the only sample we had which exploits this vulnerability.

Please read the Microsoft advisory carefully. According to Microsoft's testing, it only affects Microsoft Office Word 2002 Service Pack 3. This is one reason we didn't consider this particular sample as we didn't test it with this particular version of Office.

More: http://isc.sans.org/

Fedora update for moodle

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA31018
Release Date: 2008-07-09


Critical:
Less critical
Impact: Security Bypass

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 8

Description:
Fedora has issued an update for moodle. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

Solution:
Apply updated packages via the yum utility ("yum update moodle").

Original Advisory:
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00331.html

Other References:
SA30986:
http://secunia.com/advisories/30986/

Red Hat update for pidgin

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA31016
Release Date: 2008-07-09


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop Workstation (v. 5 client)
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 4

Software: RHEL Optional Productivity Applications (v. 5 server)

Description:
Red Hat has issued an update for pidgin. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
http://rhn.redhat.com/errata/RHSA-2008-0584.html

Other References:
SA30971:
http://secunia.com/advisories/30971/

Moodle KSES HTML Filter Bypass Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA31017
Release Date: 2008-07-09


Critical:
Less critical
Impact: Security Bypass

Where: From remote

Solution Status: Vendor Workaround


Software: Moodle 1.6.x
Moodle 1.7.x

Description:
Some vulnerabilities have been reported in Moodle, which can be exploited by malicious people to bypass certain security restrictions.

Solution:
Fixed in recent nightly versions of the 1.7.x or 1.6.x branches.

Upgrade to version 1.8.5 or 1.9.

Provided and/or discovered by:
Lukasz Pilorz, Allegro.pl

Original Advisory:
http://moodle.org/mod/forum/discuss.php?d=95031

Sun Solaris DNS Cache Poisoning Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA31014
Release Date: 2008-07-09


Critical:
Moderately critical
Impact: Spoofing

Where: From remote

Solution Status: Unpatched


OS: Sun Solaris 8
Sun Solaris 9

Description:
A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to poison the DNS cache.

The vulnerability is caused due to the products not sufficiently randomising the DNS transaction ID and the source port number, which can be exploited to poison the DNS cache.

The vulnerability affects Solaris 8, 9, and OpenSolaris.

Solution:
A final resolution is pending completion.

Provided and/or discovered by:
Dan Kaminsky, IOActive

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239392-1

Other References:
US-CERT VU#800113:
http://www.kb.cert.org/vuls/id/800113
http://www.kb.cert.org/vuls/id/MIMG-7ECLCC

Juniper Networks Products DNS Cache Poisoning Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA31012
Release Date: 2008-07-09


Critical:
Moderately critical
Impact: Spoofing

Where: From remote

Solution Status: Vendor Patch


OS: JUNOS 8.x
NetScreen ScreenOS 5.x
NetScreen ScreenOS 6.x

Description:
A vulnerability has been reported in various Juniper Network products, which can be exploited by malicious people to poison the DNS cache.

The vulnerability is caused due to the products not sufficiently randomising the DNS transaction ID and the source port number, which can be exploited to poison the DNS cache.

The following products are affected:
* Network firewalls running ScreenOS software
* J-series routers running JUNOS Enhanced Services Software (junos-jsr) built prior to May 23, 2008.
* Juniper switching products running JUNOS Enhanced Switching Software (junos-ex) built prior to May 23, 2008.

Solution:
Contact Juniper Networks Customer Support Center for product updates.
https://www.juniper.net/alerts/viewal...ber=PSN-2008-06-040&viewMode=view

Provided and/or discovered by:
Dan Kaminsky, IOActive

Original Advisory:
http://www.kb.cert.org/vuls/id/MIMG-7DWR4Z

Other References:
US-CERT VU#800113:
http://www.kb.cert.org/vuls/id/800113

Nominum CNS and Vantio DNS Cache Poisoning Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA31011
Release Date: 2008-07-09


Critical:
Moderately critical
Impact: Spoofing

Where: From remote

Solution Status: Vendor Patch


Software: Nominum Caching Name Server (CNS) 3.x
Nominum Vantio (CNS) 3.x

Description:
Nominum has acknowledged a vulnerability in Nominum CNS and Vantio, which can be exploited by malicious people to poison the DNS cache.

The vulnerability is caused due to the DNS servers not sufficiently randomising the DNS query port number, which can be exploited to poison the DNS cache.

Solution:
Update to CNS version 3.0.4.0 and Vantio version 3.3.1.0 or later.

Provided and/or discovered by:
Dan Kaminsky, IOActive

Original Advisory:
Nominum:
http://www.nominum.com/asset_upload_file741_2661.pdf

Other References:
US-CERT VU#800113:
http://www.kb.cert.org/vuls/id/800113

Sun Java JDK / JRE Multiple Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA31010
Release Date: 2008-07-09


Critical:
Highly critical
Impact: Security Bypass
Exposure of system information
Exposure of sensitive information
DoS
System access

Where: From remote

Solution Status: Vendor Patch


Software: Java Web Start 1.x
Java Web Start 5.x
Java Web Start 6.x
Sun Java JDK 1.5.x
Sun Java JDK 1.6.x
Sun Java JRE 1.3.x
Sun Java JRE 1.4.x
Sun Java JRE 1.5.x / 5.x
Sun Java JRE 1.6.x / 6.x
Sun Java SDK 1.3.x
Sun Java SDK 1.4.x

Description:
Some vulnerabilities have been reported in Sun Java, which can be exploited by malicious people to bypass certain security restrictions, disclose system information or potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.

Solution:
Update to the fixed version.

JDK and JRE 6 Update 7:
http://java.sun.com/javase/downloads/index.jsp

JDK and JRE 5.0 Update 16:
http://java.sun.com/javase/downloads/index_jdk5.jsp

SDK and JRE 1.4.2_18:
http://java.sun.com/j2se/1.4.2/download.html

SDK and JRE 1.3.1_23 (for customers with Solaris 8 and Vintage Support Offering support contracts):
http://java.sun.com/j2se/1.3/download.html

Provided and/or discovered by:
1) The vendor credits Fujitsu
4) The vendor credits:
* John Heasman of NGSSoftware
* An anonymous researcher, reporting via ZDI
5) Peter Csepely, reporting via ZDI
6) The vendor credits John Heasman of NGSSoftware
7) The vendor credits Gregory Fleischer
10) The vendor credits John Heasman of NGSSoftware

Original Advisory:
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238628-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238666-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238687-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238965-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238966-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238967-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1

rPath update for firefox

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA31008
Release Date: 2008-07-09


Critical:
Highly critical
Impact: Security Bypass
Cross Site Scripting
Spoofing
Exposure of system information
Exposure of sensitive information
DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: rPath Linux 1.x

Description:
rPath has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.

Solution:
Update to "firefox=conary.rpath.com@rpl:1/2.0.0.15-0.1-1".

Original Advisory:
http://lists.rpath.com/pipermail/security-announce/2008-July/000366.html

Other References:
SA30911:
http://secunia.com/advisories/30911/

rPath update for vsftpd

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA31007
Release Date: 2008-07-09


Critical:
Moderately critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


OS: rPath Linux 1.x

Description:
rPath has issued an update for vsftpd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a memory leak when using PAM and can be exploited to exhaust all available memory via multiple invalid authentication requests.

Solution:
Update to "vsftpd=conary.rpath.com@rpl:1/2.0.3-13.4-1".

Provided and/or discovered by:
Originally reported via a Red Hat bug report.

Original Advisory:
http://lists.rpath.com/pipermail/security-announce/2008-July/000367.html

https://bugzilla.redhat.com/show_bug.cgi?id=453376

rPath update for ruby

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA31006
Release Date: 2008-07-09


Critical:
Less critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


OS: rPath Linux 1.x

Description:
rPath has issued an update for ruby. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Update to "ruby=conary.rpath.com@rpl:1/1.8.6_p230-3-0.1".

Original Advisory:
http://lists.rpath.com/pipermail/security-announce/2008-July/000368.html

Other References:
SA30924:
http://secunia.com/advisories/30924/

Fedora update for seamonkey

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA31005
Release Date: 2008-07-09


Critical:
Highly critical
Impact: Security Bypass
Cross Site Scripting
Spoofing
Exposure of system information
Exposure of sensitive information
DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 8
Fedora 9

Description:
Fedora has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.

Solution:
Apply updated packages via the yum utility ("yum update seamonkey").

Original Advisory:
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html

Other References:
SA29860:
http://secunia.com/advisories/29860/

Lastminute Script "cid" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA31004
Release Date: 2008-07-09


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: Lastminute Script 4.x

Description:
t0pP8uZz has reported a vulnerability in Lastminute Script, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "cid" parameter in index.php is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 4.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
t0pP8uZz

Original Advisory:
http://milw0rm.com/exploits/6027

Gentoo update for poppler

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA31002
Release Date: 2008-07-09


Critical:
Highly critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for poppler. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise an application using the library.

Solution:
Update to "app-text/poppler-0.6.3-r1" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200807-04.xml

Other References:
SA30963:
http://secunia.com/advisories/30963/

Adobe RoboHelp Server Help Errors Log Cross-Site Scripting

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA31001
Release Date: 2008-07-09


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: Adobe RoboHelp Server 6.x
Adobe RoboHelp Server 7.x

Description:
A vulnerability has been reported in Adobe RoboHelp Server, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain input is not properly sanitised before being returned to a user with access to the RoboHelp Help Errors log. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in RoboHelp Server versions 6 and 7.

Solution:
Apply updates (see vendor's advisory for details).

Provided and/or discovered by:
The vendor credits:
* Vulnerability Research Team of Assurent Secure Technologies (TELUS)
* Greg Patton of PropertyInfo Corporation

Original Advisory:
APSB08-16:
http://www.adobe.com/support/security/bulletins/apsb08-16.html

Ray "sIncPath" File Inclusion Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA30999
Release Date: 2008-07-09


Critical:
Highly critical
Impact: Exposure of system information
Exposure of sensitive information
System access

Where: From remote

Solution Status: Unpatched


Software: Ray 3.x

Description:
RoMaNcYxHaCkEr has reported a vulnerability in Ray, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.

Input passed to the "sIncPath" parameter in modules/global/inc/content.inc.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability is reported in version 3.5. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
RoMaNcYxHaCkEr

Original Advisory:
http://milw0rm.com/exploits/6028

Ubuntu update for bind

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA30998
Release Date: 2008-07-09


Critical:
Moderately critical
Impact: Spoofing

Where: From remote

Solution Status: Vendor Patch


OS: Ubuntu Linux 6.06
Ubuntu Linux 7.04
Ubuntu Linux 7.10
Ubuntu Linux 8.04

Description:
Ubuntu has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.

Solution:
Apply updated packages.

Original Advisory:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-July/000726.html

Other References:
SA30973:
http://secunia.com/advisories/30973/

Download Accelerator Plus M3U File Buffer Overflow

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA30997
Release Date: 2008-07-09


Critical:
Moderately critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: Download Accelerator Plus 7.x
Download Accelerator Plus 8.x

Description:
Krystian Kloskowski has discovered a vulnerability in Download Accelerator Plus, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when verifying URLs within a .m3u file. This can be exploited to cause a stack-based buffer overflow when a user is tricked into verifying an overly long URL in a specially crafted .m3u file.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 8.6.6.3 (DAP.exe) and 7.0.1.3 (DAP.exe). Other versions may also be affected.

Solution:
Do not import .m3u files from untrusted sources.

Provided and/or discovered by:
Krystian Kloskowski (h07)

Changelog:
2008-07-09: Added version 7.x to list of affected products.

Original Advisory:
http://milw0rm.com/exploits/6030

SafeHTML "dir[plugins]" File Inclusion Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA30995
Release Date: 2008-07-09


Critical:
Highly critical
Impact: Exposure of system information
Exposure of sensitive information
System access

Where: From remote

Solution Status: Unpatched


Software: SafeHTML 1.x

Description:
RoMaNcYxHaCkEr has reported some vulnerabilities in SafeHTML, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.

Input passed to the "dir[plugins]" parameter in HTMLSax3.php and safehtml.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

Successful exploitation requires that "register_globals" is enabled.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
RoMaNcYxHaCkEr

Original Advisory:
http://milw0rm.com/exploits/6024

FFmpeg libavformat "str_read_packet()" Buffer Overflow

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA30994
Release Date: 2008-07-09


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Workaround


Software: FFmpeg 0.x

Description:
A vulnerability has been reported in FFmpeg, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the "str_read_packet()" function in libavformat/psxstr.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted STR file.

Solution:
Fixed in the SVN repository at revision 13993.
http://svn.mplayerhq.hu/ffmpeg?view=rev&revision=13993

Provided and/or discovered by:
Reported in an FFmpeg bug report.

Original Advisory:
https://roundup.mplayerhq.hu/roundup/ffmpeg/issue311

Fedora update for sipp

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA30993
Release Date: 2008-07-09


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 8
Fedora 9

Description:
Fedora has issued an update for sipp. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.

Solution:
Apply updated packages via the yum utility ("yum update sipp").

Original Advisory:
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00311.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00318.html

Other References:
SA30095:
http://secunia.com/advisories/30095/

Fedora update for WebKit

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA30992
Release Date: 2008-07-09


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 8
Fedora 9

Description:
Fedora has issued an update for WebKit. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

Solution:
Apply updated packages via the yum utility ("yum update WebKit").

Original Advisory:
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00319.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00279.html

Other References:
SA30775:
http://secunia.com/advisories/30775/

vBulletin Two Script Insertion Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA30991
Release Date: 2008-07-09


Critical:
Highly critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: vBulletin 3.x

Description:
Some vulnerabilities have been reported in vBulletin, which can be exploited by malicious people to conduct script insertion attacks.

Input passed via "PHP_SELF" or via the "do" parameter when requesting a missing page is not properly sanitised before being logged. This can be exploited to insert arbitrary HTML and script code, which is executed in an administrator's browser session in context of an affected site when the malicious logs are being viewed.

NOTE: Reportedly, the vulnerabilities can be exploited to inject and execute arbitrary PHP code on an affected system.

The vulnerabilities are reported in version 3.7.2 and 3.6.10 PL2. Prior versions may also be affected.

Solution:
Update to version 3.7.2 PL1 or 3.6.10 PL3.

Provided and/or discovered by:
Jessica Hope and anonymous persons

Original Advisory:
vBulletin:
http://www.vbulletin.com/forum/showthread.php?t=277945

Jessica Hope:
http://seclists.org/fulldisclosure/2008/Jul/0067.html

Debian bind DNS Cache Poisoning Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA30989
Release Date: 2008-07-09


Critical:
Moderately critical
Impact: Spoofing

Where: From remote

Solution Status: Vendor Workaround


OS: Debian GNU/Linux 4.0

Description:
Debian has acknowledged a vulnerability in bind, which can be exploited by malicious people to poison the DNS cache.

Solution:
There is no updated bind package. The vendor recommends migrating to bind9 instead.
http://lists.debian.org/debian-security-announce/2008/msg00185.html

Original Advisory:
http://lists.debian.org/debian-security-announce/2008/msg00185.html

Other References:
SA30973:
http://secunia.com/advisories/30973/

Debian update for bind9

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA30988
Release Date: 2008-07-09


Critical:
Moderately critical
Impact: Spoofing

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for bind9. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.

Solution:
Apply updated packages. See vendor's advisory for additional notes.

Original Advisory:
http://lists.debian.org/debian-security-announce/2008/msg00184.html

Other References:
SA30973:
http://secunia.com/advisories/30973/

Dokeos "include" Local File Inclusion Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA30987
Release Date: 2008-07-09


Critical:
Moderately critical
Impact: Exposure of sensitive information
Exposure of system information

Where: From remote

Solution Status: Vendor Workaround


Software: Dokeos 1.x

Description:
A vulnerability has been reported in Dokeos, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "include" parameter in user_portal.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

Successful exploitation requires that the application is running on Windows.

The vulnerability is reported in version 1.8.5. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified. Please see vendor advisory for more details.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.dokeos.com/wiki/index.php/Security#Dokeos_1.8.5

Hotel Script "file" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA30985
Release Date: 2008-07-09


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: Hotel Script 1.x


Description:
t0pP8uZz has reported a vulnerability in Hotel Script, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "file" parameter in index.php is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 1.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
t0pP8uZz

Original Advisory:
http://milw0rm.com/exploits/6021

Real Estate Script "listing_id" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA30984
Release Date: 2008-07-09


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: Real Estate Script 1.x

Description:
t0pP8uZz has reported a vulnerability in Real Estate Script, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "listing_id" parameter in index.php (when "go" is set to "listings") is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 1.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
t0pP8uZz

Original Advisory:
http://milw0rm.com/exploits/6022

BrewBlogger "authenticateUser()" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA30983
Release Date: 2008-07-09


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: BrewBlogger 2.x

Description:
CWH Underground has discovered a vulnerability in BrewBlogger, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "username" parameter to the "authenticateUser()" function in includes/authentication.inc.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. logging in as administrator without valid administrator credentials, but requires that "magic_quotes_gpc" is disabled.

The vulnerability is confirmed in version 2.1.0.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
CWH Underground

Original Advisory:
http://milw0rm.com/exploits/6023

Dolphin File Inclusion Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA30981
Release Date: 2008-07-09


Critical:
Highly critical
Impact: Exposure of system information
Exposure of sensitive information
System access

Where: From remote

Solution Status: Unpatched


Software: Dolphin 6.x

Description:
RoMaNcYxHaCkEr has reported some vulnerabilities in Dolphin, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.

Successful exploitation requires that "register_globals" is enabled.

The vulnerabilities are reported in version 6.1.2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
RoMaNcYxHaCkEr

Original Advisory:
http://milw0rm.com/exploits/6024

Other References:
SA30995:
http://secunia.com/advisories/30995/

Sun Solaris 10 DNS Cache Poisoning Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 9, 2008

Secunia Advisory: SA30980
Release Date: 2008-07-09


Critical:
Moderately critical
Impact: Spoofing

Where: From remote

Solution Status: Vendor Patch


OS: Sun Solaris 10

Description:
A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to poison the DNS cache.

The vulnerability is caused due to the products not sufficiently randomising the DNS transaction ID and the source port number, which can be exploited to poison the DNS cache.

Solution:
Apply patches.

Provided and/or discovered by:
Dan Kaminsky, IOActive

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239392-1

Other References:
US-CERT VU#800113:
http://www.kb.cert.org/vuls/id/800113
http://www.kb.cert.org/vuls/id/MIMG-7ECLCC
