Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - June 4, 2008

by Marianna Schmudlach / June 4, 2008 3:29 AM PDT

Red Hat update for evolution

Secunia Advisory: SA30536
Release Date: 2008-06-04


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 4

Description:
Red Hat has issued an update for evolution. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
http://rhn.redhat.com/errata/RHSA-2008-0516.html

Other References:
SA30298:
http://secunia.com/advisories/30298/

Kaspersky Products kl1.sys Driver Buffer Overflow Vulnerabil
by Marianna Schmudlach / June 4, 2008 3:31 AM PDT

Secunia Advisory: SA30534
Release Date: 2008-06-04


Critical:
Less critical
Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Patch


Software: Kaspersky Anti-Virus 6.x
Kaspersky Anti-Virus 7.x
Kaspersky Anti-Virus for Windows Workstations 6.x
Kaspersky Internet Security 6.x
Kaspersky Internet Security 7.x

Description:
A vulnerability has been reported in some Kaspersky products, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to a boundary error within the kl1.sys driver. This can be exploited to cause a stack-based buffer overflow and execute arbitrary code with kernel privileges.

The vulnerability is reported in the following versions:
* Kaspersky Anti-Virus 6.0 and 7.0
* Kaspersky Internet Security 6.0 and 7.0
* Kaspersky Anti-Virus 6.0 for Windows Workstations

Solution:
A patch is available via the built-in automatic updating module.

Provided and/or discovered by:
The vendor credits iDefense Labs.

Original Advisory:
Kaspersky Lab:
http://www.kaspersky.com/technews?id=203038727

Magic Rm AVI Mpeg to MP3 Converter & Editor NCTSoft ActiveX
by Marianna Schmudlach / June 4, 2008 3:32 AM PDT

Secunia Advisory: SA30533
Release Date: 2008-06-04


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: Magic Rm AVI Mpeg to MP3 Converter & Editor 2.x



Description:
Some vulnerabilities have been discovered in Magic Rm AVI Mpeg to MP3 Converter & Editor, which can be exploited by malicious people to compromise a user's system.

Solution:
Set the kill-bit for the affected ActiveX controls.

Original Advisory:
SA23475:
http://secunia.com/advisories/23475/

SA30414:
http://secunia.com/advisories/30414/

BitKinex WebDAV and FTP Clients Directory Traversal Vulnerab
by Marianna Schmudlach / June 4, 2008 3:33 AM PDT

Secunia Advisory: SA30532
Release Date: 2008-06-04


Critical:
Less critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: BitKinex 2.x



Description:
Tan Chew Keong has reported two vulnerabilities in BitKinex, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to input validation errors when processing responses to the FTP LIST and the WebDAV PROPFIND commands. This can be exploited to download files to an arbitrary location on a user's system via directory traversal specifiers in the filename.

Successful exploitation requires that the user is tricked into connecting and downloading a directory from a malicious FTP or WebDAV server.

The vulnerabilities are reported in version 2.9.3. Other versions may also be affected.

Solution:
Reportedly, the vulnerabilities will be fixed in an upcoming version 3.0.

Do not connect to untrusted FTP or WebDAV servers.

Provided and/or discovered by:
Tan Chew Keong

Original Advisory:
http://vuln.sg/bitkinex293-en.html
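
The input validation this advisory says is missing can be sketched as follows. This is an added example, not part of the original post, the Secunia advisory, or BitKinex's code; the function names and the sample listing entries are constructed for illustration, and it assumes the client downloads a directory one entry at a time, so every name a server returns must be a single path component.

```python
import os
from urllib.parse import unquote, urlsplit


class UnsafeListingName(ValueError):
    """A server-supplied name that must not be used as a local file name."""


def safe_local_path(download_dir, remote_name):
    """Map one entry name from an FTP LIST or WebDAV PROPFIND response to a
    path inside download_dir, or raise UnsafeListingName."""
    if not remote_name or "\x00" in remote_name:
        raise UnsafeListingName("empty name or embedded NUL")
    # One listing entry is one component: reject both separator styles,
    # whatever OS the client runs on.
    if "/" in remote_name or "\\" in remote_name:
        raise UnsafeListingName("path separator in entry name")
    if remote_name in (".", ".."):
        raise UnsafeListingName("relative directory specifier")
    # Drive letters and NTFS alternate data streams both need a colon.
    if ":" in remote_name:
        raise UnsafeListingName("colon in entry name")
    # Second check: resolve the final path (following any symlink already
    # present in the download directory) and confirm it is still inside.
    base = os.path.realpath(download_dir)
    candidate = os.path.realpath(os.path.join(base, remote_name))
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafeListingName("resolved path escapes download directory")
    return candidate


def name_from_href(href):
    """Take the last segment of a PROPFIND href, then percent-decode it.
    Decoding after the split means an encoded separator (%2f) ends up inside
    the name, where safe_local_path() rejects it."""
    path = urlsplit(href).path.rstrip("/")
    return unquote(path.rsplit("/", 1)[-1])


def plan_downloads(download_dir, names):
    """Split server-supplied names into local paths to write and names refused."""
    accepted, rejected = [], []
    for name in names:
        try:
            accepted.append(safe_local_path(download_dir, name))
        except UnsafeListingName:
            rejected.append(name)
    return accepted, rejected


# Constructed sample input: entry names as a client might parse them out of
# an FTP LIST response and out of WebDAV PROPFIND hrefs.
SAMPLE_FTP_NAMES = [
    "report.txt",
    "../../autoexec.bat",
    "..\\..\\startup\\run.bat",
    "C:\\boot.ini",
    "..",
]
SAMPLE_DAV_HREFS = ["/share/notes.txt", "/share/..%2f..%2fstartup.bat"]

if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        ok, refused = plan_downloads(tmp, SAMPLE_FTP_NAMES)
        print("write:", ok)
        print("refuse:", refused)
        dav_names = [name_from_href(h) for h in SAMPLE_DAV_HREFS]
        print(plan_downloads(tmp, dav_names))
```

Refused names are worth logging with the server address, since a listing that contains traversal specifiers is a strong sign the server is hostile or compromised.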

Code-it Software Products NCTAudioGrabber2 ActiveX Control B
by Marianna Schmudlach / June 4, 2008 3:34 AM PDT

Secunia Advisory: SA30531
Release Date: 2008-06-04


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: aBasic Editor 10.x
Wave MP3 Editor 10.x
Wave MP3 Editor 15.x

Description:
Some vulnerabilities have been discovered in various Code-it Software products, which can be exploited by malicious people to compromise a user's system.

Solution:
Set the kill-bit for the affected ActiveX control.

Other References:
SA30414:
http://secunia.com/advisories/30414/

Ease MP3 Recorder NCTAudioFile2 ActiveX Control Buffer Overf
by Marianna Schmudlach / June 4, 2008 3:35 AM PDT

Secunia Advisory: SA30530
Release Date: 2008-06-04


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: Ease MP3 Recorder 1.x

Description:
A vulnerability has been discovered in Ease MP3 Recorder, which can be exploited by malicious people to compromise a user's system.

Solution:
Set the kill-bit for the affected ActiveX control.

Other References:
SA23475:
http://secunia.com/advisories/23475/

Ease Jukebox NCTSoft ActiveX Controls Buffer Overflow Vulner
by Marianna Schmudlach / June 4, 2008 3:37 AM PDT

Secunia Advisory: SA30529
Release Date: 2008-06-04


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: Ease Jukebox 1.x



Description:
Some vulnerabilities have been discovered in Ease Jukebox, which can be exploited by malicious people to compromise a user's system.

Solution:
Set the kill-bit for the affected ActiveX controls.

Other References:
SA30414:
http://secunia.com/advisories/30414/

SA30415:
http://secunia.com/advisories/30415/

MightSOFT Products NCTSoft ActiveX Controls Buffer Overflow
by Marianna Schmudlach / June 4, 2008 3:38 AM PDT

Secunia Advisory: SA30528
Release Date: 2008-06-04


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: Audio Editor Pro 2.x
EZ Audio Server 2.x

Description:
Some vulnerabilities have been discovered in various MightSOFT products, which can be exploited by malicious people to compromise a user's system.

Solution:
Set the kill-bit for the affected ActiveX controls.

Other References:
SA23475:
http://secunia.com/advisories/23475/

SA30414:
http://secunia.com/advisories/30414/

Red Hat update for evolution and evolution28
by Marianna Schmudlach / June 4, 2008 3:39 AM PDT

Secunia Advisory: SA30527
Release Date: 2008-06-04


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop Workstation (v. 5 client)
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 4



Software: RHEL Optional Productivity Applications (v. 5 server)

Description:
Red Hat has issued an update for evolution and evolution28. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
https://rhn.redhat.com/errata/RHSA-2008-0514.html
https://rhn.redhat.com/errata/RHSA-2008-0515.html

Other References:
SA30298:
http://secunia.com/advisories/30298/

IBM WebSphere Application Server Web Services Unspecified Vu
by Marianna Schmudlach / June 4, 2008 3:40 AM PDT

Secunia Advisory: SA30526
Release Date: 2008-06-04


Critical:
Moderately critical
Impact: Unknown

Where: From remote

Solution Status: Vendor Patch


Software: IBM WebSphere Application Server 6.1.x

Description:
A vulnerability with an unknown impact has been reported in IBM WebSphere Application Server.

The vulnerability is caused due to an unspecified error related to an attribute in the SOAP security header in Web Services applications. No further information is currently available.

Solution:
Apply Fix Pack 17 (6.1.0.17).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM (PK61315):
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951

Saga CD Ripper NCTAudioGrabber2 ActiveX Control Buffer Overf
by Marianna Schmudlach / June 4, 2008 3:42 AM PDT

Secunia Advisory: SA30525
Release Date: 2008-06-04


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: Saga CD Ripper 1.x



Description:
Some vulnerabilities have been discovered in Saga CD Ripper, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are confirmed in version 1.04. Other versions may also be affected.

Solution:
Set the kill-bit for the affected ActiveX control.

Other References:
SA30414:
http://secunia.com/advisories/30414/

Sun Java System Active Server Pages Multiple Vulnerabilities
by Marianna Schmudlach / June 4, 2008 3:43 AM PDT

Secunia Advisory: SA30523
Release Date: 2008-06-04


Critical:
Highly critical
Impact: Security Bypass
Manipulation of data
Exposure of system information
Exposure of sensitive information
System access

Where: From remote

Solution Status: Vendor Patch


Software: Sun Java System Active Server Pages 4.x

Description:
Some vulnerabilities and a security issue have been reported in Sun Java System Active Server Pages, which can be exploited by malicious users to compromise a vulnerable system, and by malicious people to disclose sensitive information, manipulate certain data, bypass certain security restrictions, or to compromise a vulnerable system.

Solution:
Update to version 4.0.3
https://cds.sun.com/is-bin/INTERSHOP....tRef=SJASP-4.0.3-OTH-G-TP@CDS-CDS_SMI

Provided and/or discovered by:
1-6) An anonymous person, reported via iDefense
5) Joshua J. Drake, iDefense Labs

Original Advisory:
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1

iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=705
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=706
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=707
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=708
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=709
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=710

Gentoo update for mtr
by Marianna Schmudlach / June 4, 2008 3:45 AM PDT

Secunia Advisory: SA30522
Release Date: 2008-06-04


Critical:
Less critical
Impact: System access

Where: From local network

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for mtr. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

Solution:
Update to "net-analyzer/mtr-0.73-r1" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200806-01.xml

Other References:
SA30312:
http://secunia.com/advisories/30312/

Gentoo update for libxslt
by Marianna Schmudlach / June 4, 2008 3:46 AM PDT

Secunia Advisory: SA30521
Release Date: 2008-06-04


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for libxslt. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system.

Solution:
Update to "dev-libs/libxslt-1.1.24" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200806-02.xml

Other References:
SA30315:
http://secunia.com/advisories/30315/

CA Secure Content Manager Multiple Vulnerabilities
by Marianna Schmudlach / June 4, 2008 3:47 AM PDT

Secunia Advisory: SA30518
Release Date: 2008-06-04


Critical:
Highly critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


Software: eTrust Secure Content Manager (SCM)

Description:
Some vulnerabilities have been reported in CA eTrust Content Manager, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

The vulnerabilities are caused due to boundary errors when processing certain FTP requests and can be exploited to cause e.g. stack-based buffer overflows.

Successful exploitation allows execution of arbitrary code.

The vulnerabilities are reported in CA eTrust Secure Content Manager 8.0.

Solution:
Apply patch QO99987 (please see the vendor's advisory for details):
https://support.ca.com/irj/portal/ano...s?reqPage=search&searchID=QO99987

Provided and/or discovered by:
The vendor credits Sebastian Apelt and Cody Pierce.

Original Advisory:
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36408
https://support.ca.com/irj/portal/ano...arNo=QO99987&os=NT&actionID=3

Asterisk "pedantic" SIP Processing Denial of Service
by Marianna Schmudlach / June 4, 2008 3:49 AM PDT

Secunia Advisory: SA30517
Release Date: 2008-06-04


Critical:
Moderately critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


Software: Asterisk 1.x
Asterisk Business Edition 2.x

Description:
A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a NULL-pointer dereference error in the "ast_uri_decode()" function. This can be exploited to crash the application via a SIP message lacking a "From" field.

Successful exploitation requires that "pedantic" processing is enabled.

The vulnerability is reported in the following products:
* Asterisk Open Source 1.0.x (all versions)
* Asterisk Open Source 1.2.x (all versions prior to 1.2.29)
* Asterisk Business Edition A.x.x (all versions)
* Asterisk Business Edition B.x.x (all versions prior to B.2.5.3)

Solution:
Asterisk Open Source:
Update to version 1.2.29.

Asterisk Business Edition:
Update to version B.2.5.3.

Provided and/or discovered by:
The vendor credits Hooi Ng.

Original Advisory:
http://downloads.digium.com/pub/security/AST-2008-008.html

http://bugs.digium.com/view.php?id=12607

HP Instant Support HPISDataManager.dll ActiveX Control Multi
by Marianna Schmudlach / June 4, 2008 3:50 AM PDT

Secunia Advisory: SA30516
Release Date: 2008-06-04


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


Software: HP Instant Support 1.x

Description:
Some vulnerabilities have been reported in HP Instant Support, which potentially can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

The vulnerabilities are reported in HP Instant Support HPISDataManager.dll version 1.0.0.22 and earlier.

Solution:
Update to version 1.0.0.24.
http://www.hp.com/go/ispe (choose &qu...h an online diagnostic session")

Provided and/or discovered by:
Dennis Rand, CSIS Security Research and Intelligence

Changelog:
2008-06-04: Updated advisory with additional information provided by CSIS Security Research and Intelligence. Added link to "Original Advisory" section.

Original Advisory:
HP:
http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264

CSIS Security Research and Intelligence:
http://www.csis.dk/dk/forside/CSIS-RI-0003.pdf

Other References:
US-CERT VU#754403:
http://www.kb.cert.org/vuls/id/754403

US-CERT VU#558163:
http://www.kb.cert.org/vuls/id/558163

US-CERT VU#221123:
http://www.kb.cert.org/vuls/id/221123

US-CERT VU#526131:
http://www.kb.cert.org/vuls/id/526131

US-CERT VU#949587:
http://www.kb.cert.org/vuls/id/949587

US-CERT VU#857539:
http://www.kb.cert.org/vuls/id/857539

US-CERT VU#190939:
http://www.kb.cert.org/vuls/id/190939

US-CERT VU#998779:
http://www.kb.cert.org/vuls/id/998779

Ubuntu update for linux
by Marianna Schmudlach / June 4, 2008 3:52 AM PDT

Secunia Advisory: SA30515
Release Date: 2008-06-04


Critical:
Less critical
Impact: Privilege escalation
DoS

Where: Local system

Solution Status: Vendor Patch


OS: Ubuntu Linux 8.04

Description:
Ubuntu has issued an update for the kernel. This fixes a security issue and some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.

Solution:
Apply updated packages.

Original Advisory:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-June/000714.html

Other References:
SA28696:
http://secunia.com/advisories/28696/

SA30044:
http://secunia.com/advisories/30044/

SA30101:
http://secunia.com/advisories/30101/

Joomla JoomRadio Component "id" SQL Injection
by Marianna Schmudlach / June 4, 2008 3:53 AM PDT

Secunia Advisory: SA30513
Release Date: 2008-06-04


Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: JoomRadio 2.x (component for Joomla)

Description:
His0k4 has discovered two vulnerabilities in the JoomRadio component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in the Joomla! installation's index.php script (when "option" is set to "com_joomradio", and "page" is set to either "show_radio" or "show_video") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving administrator usernames and password hashes, but requires knowledge of the database table prefix.

The vulnerabilities are confirmed in version 2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
His0k4

Original Advisory:
http://milw0rm.com/exploits/5729

Icona SpA DownloaderActiveX ActiveX Control Module Code Exec
by Marianna Schmudlach / June 4, 2008 3:54 AM PDT

Secunia Advisory: SA30512
Release Date: 2008-06-04


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: Icona SpA DownloaderActiveX ActiveX Control Module 1.x

Description:
Nine:Situations:Group::SnoopyAssault has discovered a vulnerability in Icona SpA DownloaderActiveX ActiveX Control Module, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the Icona SpA DownloaderActiveX ActiveX Control Module (DownloaderActiveX.ocx) when handling the "propDownloadUrl" and "propPostDownloadAction" properties. This can be exploited to e.g. download and execute a malicious program when a user is tricked into visiting a malicious website.

The vulnerability is confirmed in version 1.0.0.1. Other versions may also be affected.

Solution:
Set the kill-bit for the affected ActiveX control.

Provided and/or discovered by:
Nine:Situations:Group::SnoopyAssault

Original Advisory:
http://retrogod.altervista.org/9sg_c6_download_exec.html

Joomla IDoBlog Component "userid" SQL Injection
by Marianna Schmudlach / June 4, 2008 3:55 AM PDT

Secunia Advisory: SA30505
Release Date: 2008-06-04


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: IDoBlog 1.x (component for Joomla)

Description:
His0k4 has discovered a vulnerability in the IDoBlog component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "userid" parameter in the Joomla! installation's index.php script (when "option" is set to "com_idoblog" and "task" to "userblog") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 1.0. Other versions may also be affected.

Solution:
Filter malicious characters and character sequences in a proxy.

Provided and/or discovered by:
His0k4

Original Advisory:
http://milw0rm.com/exploits/5730

Battle Blog "entry" SQL Injection Vulnerability
by Marianna Schmudlach / June 4, 2008 3:56 AM PDT

Secunia Advisory: SA30503
Release Date: 2008-06-04


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: Battle Blog 1.x



Description:
Bl@ckbe@rD has reported a vulnerability in Battle Blog, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "entry" parameter in comment.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 1.25. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Bl@ckbe@rD

Original Advisory:
http://milw0rm.com/exploits/5731

QuickerSite Multiple Vulnerabilities
by Marianna Schmudlach / June 4, 2008 3:58 AM PDT

Secunia Advisory: SA30501
Release Date: 2008-06-04


Critical:
Highly critical
Impact: Security Bypass
Cross Site Scripting
Manipulation of data
Exposure of system information
System access

Where: From remote

Solution Status: Vendor Patch


Software: QuickerSite 1.x

Description:
AmnPardaz Security Research Team has reported multiple vulnerabilities in QuickerSite, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, script insertion attacks, SQL injection attacks, and potentially compromise a vulnerable system.

Solution:
Contact the vendor to receive hotfixes.

Provided and/or discovered by:
AmnPardaz Security Research Team

Original Advisory:
http://bugreport.ir/index.php?/39

CMS Easyway "mid" SQL Injection Vulnerability
by Marianna Schmudlach / June 4, 2008 3:59 AM PDT

Secunia Advisory: SA30494
Release Date: 2008-06-04


Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: CMS Easyway

Description:
Lidloses_Auge has reported a vulnerability in CMS Easyway, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "mid" parameter in index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving usernames and password hashes.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Lidloses_Auge

Original Advisory:
http://milw0rm.com/exploits/5706

Sleipnir Script Execution Vulnerability
by Marianna Schmudlach / June 4, 2008 4:00 AM PDT

Secunia Advisory: SA30487
Release Date: 2008-06-04


Critical:
Moderately critical
Impact: Security Bypass

Where: From remote

Solution Status: Vendor Patch


Software: Sleipnir 2.x

Description:
A vulnerability has been reported in Sleipnir, which can be exploited by malicious people to execute arbitrary script code.

The vulnerability is caused due to an error related to the "favorite search function", which can be exploited to execute arbitrary script code in a user's browser session.

The vulnerability is reported in Sleipnir 2.7.1 Release2 and earlier.

Solution:
Update to version 2.7.2.

Provided and/or discovered by:
Syuuya Ueki

Original Advisory:
JVN:
http://jvn.jp/jp/JVN25448394/index.html

Fenrir:
http://www.fenrir.co.jp/sleipnir/note.html

Joomla JooBlog Component "CategoryID" SQL Injection
by Marianna Schmudlach / June 4, 2008 4:01 AM PDT

Secunia Advisory: SA30443
Release Date: 2008-06-04


Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: JooBlog 0.x (component for Joomla)

Description:
His0k4 has discovered a vulnerability in the JooBlog component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "CategoryID" parameter in the Joomla! installation's index.php script (when "option" is set to "com_jb2" and "view" to "category") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving administrator password hashes.

The vulnerability is confirmed in version 0.1.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
His0k4

Original Advisory:
http://milw0rm.com/exploits/5734

Evolution iCalendar Two Buffer Overflow Vulnerabilities
by Marianna Schmudlach / June 4, 2008 4:02 AM PDT

Secunia Advisory: SA30298
Release Date: 2008-06-04


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: GNOME Evolution 2.x
Novell Evolution 2.x

Description:
Secunia Research has discovered two vulnerabilities in Evolution, which can be exploited by malicious people to compromise a user's system.

Solution:
Do not select untrusted e-mail messages.

Various Linux vendors will issue patched versions soon.

Provided and/or discovered by:
Alin Rad Pop, Secunia Research

Original Advisory:
Secunia Research:
http://secunia.com/secunia_research/2008-22/
http://secunia.com/secunia_research/2008-23/

Tomcat Host-Manager XSS Vulnerability
by Marianna Schmudlach / June 4, 2008 4:17 AM PDT
Asterisk Crash Vulnerability In SIP Channel Driver When run
by Marianna Schmudlach / June 4, 2008 4:19 AM PDT

Asterisk Crash Vulnerability In SIP Channel Driver When run in Pedantic Mode

Summary
During Asterisk's pedantic SIP processing the From header value is passed to the ast_uri_decode function to be decoded. In two instances it is possible for the code to cause a crash as the From header value is not checked to be non-NULL before being passed to the function.

Credit:
The information has been provided by Asterisk Security Team.
The original article can be found at: http://downloads.digium.com/pub/security/AST-2008-008.html

http://www.securiteam.com/securitynews/5SP0115OKC.html

Sun Releases Java ASP Server 4.0.3
by Marianna Schmudlach / June 4, 2008 4:21 AM PDT

added June 4, 2008 at 02:12 pm

Sun has released Java ASP Server 4.0.3 to address multiple vulnerabilities. These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the root user or the user running the Sun Java ASP server, obtain sensitive information, or bypass security restrictions.

US-CERT encourages users to review Sun Alert 238184 and upgrade to Java ASP Server 4.0.3 or apply the workarounds listed in the Sun Alert.


http://www.us-cert.gov/current/current_activity.html#sun_releases_java_asp_server

Hacker tools website hacked
by Marianna Schmudlach / June 4, 2008 5:11 AM PDT

H. D. Moore's prominent Metasploit exploit framework website has succumbed to an ARP cache poisoning attack on its hosting company. Using faked ARP packets, Chinese hackers altered the ARP cache on H. D. Moore's server, causing it to redirect packets to a compromised server controlled by the attackers on the same network at the hosting company. The content "hacked by sunwear! just for fun" was injected into the diverted http traffic on the fly. Moore's server was probably not specifically targeted for the attack, however: the hackers altered the ARP caches of all servers on the affected network.

More: http://www.heise-online.co.uk/security/Hacker-tools-website-hacked--/news/110854
