VULNERABILITIES \ FIXES - June 15, 2009

Release Date: 2009-06-15

Impact: Security Bypass
Spoofing
Exposure of sensitive information
DoS
System access
Where: From remote
Solution Status: Vendor Patch

OS: Ubuntu Linux 8.04
Ubuntu Linux 8.10

Description:
Ubuntu has issued an update for firefox-3.0 and xulrunner-1.9. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or to compromise a vulnerable system.

http://secunia.com/advisories/35447/

Release Date: 2009-06-15

Critical:
Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software: SugarCRM 5.x

Description:
A vulnerability has been reported in SugarCRM, which can be exploited by malicious users to compromise a vulnerable system.

An error exists in the file upload functionality due to the emails module not properly checking file names and extensions. This can be exploited to upload files and e.g. execute arbitrary PHP code.

Successful exploitation requires a valid user account and access to the "compose email" section.

http://secunia.com/advisories/35445/

Release Date: 2009-06-15

Critical:
Highly critical
Impact: DoS
System access
Where: From remote
Solution Status: Vendor Patch

OS: Debian GNU/Linux 4.0
Debian GNU/Linux 5.0

Description:
Debian has issued an update for libsndfile. This fixes some vulnerabilities, which can be exploited by malicious people to compromise an application using the library.

http://secunia.com/advisories/35443/

Release Date: 2009-06-15

Critical:
Not critical
Impact: Security Bypass
Where: From remote
Solution Status: Partial Fix

Software: Norman Endpoint Protection 7.x
Norman Network Protection 3.x
Norman Security Suite 7.x
Norman Virus Control 5.x (Windows)
Norman Virus Control 5.x for Domino
Norman Virus Control 5.x for Exchange 2000
Norman Virus Control 5.x for Exchange 5.5
Norman Virus Control 5.x for Firewall-1
Norman Virus Control 5.x for IIS
Norman Virus Control 5.x for Linux
Norman Virus Control 5.x for MimeSweeper

Description:
Some weaknesses have been reported in various Norman products, which can be exploited by malware to bypass the scanning functionality.

The weaknesses are caused due to errors within Norman's compression library (NCL) in the handling of RAR and CAB file archives, which can be exploited to bypass the anti-virus scanning functionality via specially crafted archive files.

The weaknesses are reported in the following products:
* Norman Virus Control single user and corporate versions
* Norman Internet Control
* Norman Virus Control E-mail plugins
* Norman Endpoint Protection
* Norman Security Suite
* Norman Network Protection


http://secunia.com/advisories/35442/

Release Date: 2009-06-15

Critical:
Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: Green Dam 3.x

Description:
A vulnerability has been reported in Green Dam, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when filtering URLs and can be exploited to cause a stack-based buffer overflow by redirecting the browser to an overly long URL.

Successful exploitation allows execution of arbitrary code.

The vulnerability is reported in version 3.17. Other versions may also be affected.

http://secunia.com/advisories/35435/

Release Date: 2009-06-15

Critical:
Moderately critical
Impact: Cross Site Scripting
Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch

Software: 4images 1.x

Description:
Two vulnerabilities have been reported in 4images, which can be exploited by malicious people to disclose sensitive information and by malicious users to conduct script insertion attacks.

http://secunia.com/advisories/35427/

Release Date: 2009-06-15

Critical:
Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched

Software: Zip Store Chat 4.x
Zip Store Chat 5.x

Description:
A vulnerability has been reported in Zip Store Chat, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "login" and "senha" parameters in admin/index.asp is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows logging in as administrator without valid credentials.

The vulnerability is reported in versions 4.0 and 5.0. Other versions may also be affected.

http://secunia.com/advisories/35417/

Release Date: 2009-06-15

Critical:
Highly critical
Impact: Manipulation of data
System access
Where: From remote
Solution Status: Vendor Patch

Software: FireStats 1.x (plugin for WordPress)

Description:
Some vulnerabilities have been reported in the FireStats plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks or to compromise a vulnerable system.

http://secunia.com/advisories/35400/

Release Date: 2009-06-15

Critical:
Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched

Software: transLucid 1.x

Description:
macd3v and MaXe have discovered some vulnerabilities in transLucid, which can be exploited by malicious users or malicious people to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.

http://secunia.com/advisories/35389/

Release Date: 2009-06-15

Critical:
Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched

Software: TBDEV.NET

Description:
Some vulnerabilities have been reported in TBDEV.NET, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "returnto" parameter in makepoll.php and polls.php, and to the "info" parameter in my.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in version 01-01-2008. Other versions may also be affected.

http://secunia.com/advisories/35378/

Release Date: 2009-06-15

Critical:
Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched

Software: Pivot 1.x

Description:
Some vulnerabilities have been discovered in Pivot, which can be exploited by malicious people to conduct cross-site scripting attacks.


http://secunia.com/advisories/35363/

Release Date: 2009-06-15

Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information
System access
Where: From local network
Solution Status: Unpatched

OS: ATEN KH1516i
ATEN KN9116

Description:
Some vulnerabilities have been reported in ATEN KH1516i and KN9116, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, and potentially compromise a user's system.

http://secunia.com/advisories/35241/

Release Date: 2009-06-15

Critical:
Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

OS: Debian GNU/Linux 5.0

Description:
Debian has issued an update for libtorrent-rasterbar. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.

http://secunia.com/advisories/34241/

15 June 2009,

Symantec has reported a security problem in several of its anti-virus products for business and private users. As a result of a bug, the software can be fooled into overlooking malware when searching through specially crafted archives. The manipulation to create such archives formats them incorrectly, but even so, some applications and unpackers are still able to extract files from them.

This lack of detection is a particular problem at security gateways on network boundaries, with the result that for instance, for businesses, the opportunity of detecting a possible infection threat is reduced to that last line of defence, the anti-virus software on the end user's desktop. This particularly reduces the effectiveness of multi-tier approaches that use different anti-virus products.

Symantec nonetheless categorises the severity of the problem as low and in its security advisory merely provides tips for possible workarounds, rather than releasing an update. Administrators should, for example, change their gateway settings so that damaged archives are discarded. The evaluation of such vulnerabilities is a major point of distinction between different anti-virus product vendors. Last year, F-Secure evaluated the risk from such a vulnerability as high.

More: http://www.h-online.com/security/Security-problems-in-multiple-anti-virus-products--/news/113529

June 15th, 2009

Posted by Dancho Danchev

China?s Ministry of Industry and Information Technology has instructed the developers of the Green Dam censorware, to briefly release a patch in regard to last week?s published analysis detailing the possibility of remotely exploitable vulnerabilities within the software.

Jinhui Computer System Engineering Co, developer of Green Dam, insisted that the software is just a vulnerable as any other, and that their expertise is in coding Internet filtering software, and not necessarily one with security in mind ? pretty interesting comment taking into consideration the fact that the developer earned millions in the process of coding it.

Moreover, despite the fact that Green Dam made the headlines in 2009, and quickly received the necessary reverse-engineering attention which exposed the security flaws within, the vulnerable version of censorware has been shipped to Chinese users as of early 2008.

More: http://blogs.zdnet.com/security/?p=3606