Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - March 10, 2008

by Marianna Schmudlach / March 10, 2008 4:06 AM PDT

Gentoo update for ghostscript

Secunia Advisory: SA29314
Release Date: 2008-03-10


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for ghostscript-esp, ghostscript-gpl, and ghostscript-gnu. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

Solution:
Ghostscript ESP users:
Update to "app-text/ghostscript-esp-8.15.4-r1" or later.

Ghostscript GPL users:
Update to "app-text/ghostscript-gpl-8.61-r3" or later.

Ghostscript GNU users:
Update to "app-text/ghostscript-gnu-8.60.0-r2" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200803-14.xml

Other References:
SA29103:
http://secunia.com/advisories/29103/

Panda Products cpoint.sys Privilege Escalation Vulnerabiliti
by Marianna Schmudlach / March 10, 2008 4:08 AM PDT

Secunia Advisory: SA29311
Release Date: 2008-03-10


Critical:
Less critical
Impact: Privilege escalation
DoS

Where: Local system

Solution Status: Vendor Patch


Software: Panda Antivirus + Firewall 2008
Panda Internet Security 2008



Description:
Tobias Klein has reported some vulnerabilities in Panda products, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.

Input validation errors in the cpoint.sys driver when handling certain IOCTL requests (e.g. 0xba002848) can be exploited to overwrite arbitrary memory and execute code with kernel privileges via specially crafted IOCTL requests.

The vulnerabilities affect the following products:
* Panda Internet Security 2008
* Panda Antivirus + Firewall 2008

Solution:
Apply hotfix.

Panda Internet Security 2008 (hfp120801s1.exe):
http://www.pandasecurity.com/resources/sop/Platinum2008/hfp120801s1.exe

Panda Antivirus + Firewall 2008 (hft70801s1.exe):
http://www.pandasecurity.com/resources/sop/PAVF08/hft70801s1.exe

Provided and/or discovered by:
Tobias Klein

Original Advisory:
Panda:
http://www.pandasecurity.com/homeuser...=41337&idIdioma=2&ref=ProdExp
http://www.pandasecurity.com/homeuser...=41231&idIdioma=2&ref=ProdExp

http://www.trapkit.de/advisories/TKADV2008-001.txt

PacketTrap pt360 TFTP Filename Handling Denial of Service
by Marianna Schmudlach / March 10, 2008 4:10 AM PDT

Secunia Advisory: SA29308
Release Date: 2008-03-10


Critical:
Less critical
Impact: DoS

Where: From local network

Solution Status: Unpatched


Software: PacketTrap pt360 2.x

Description:
Luigi Auriemma has reported a vulnerability in PacketTrap pt360 TFTP server, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when handling certain invalid filenames. This can be exploited to prevent the TFTP server from responding by sending specially crafted requests to the service.

The vulnerability is reported in version 2.0.3901.0. Other versions may also be affected.

Solution:
Use a firewall to allow only trusted hosts access to the service.

Provided and/or discovered by:
Luigi Auriemma

Original Advisory:
http://aluigi.altervista.org/adv/packettrash-adv.txt

Acronis True Image Echo Group Server and Windows Agent Denia
by Marianna Schmudlach / March 10, 2008 4:14 AM PDT

Secunia Advisory: SA29306
Release Date: 2008-03-10


Critical:
Less critical
Impact: DoS

Where: From local network

Solution Status: Unpatched


Software: Acronis True Image Echo Enterprise Server 9.x



Description:
Luigi Auriemma has reported some vulnerabilities in Acronis True Image Echo, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) An input validation error within the Acronis Group Server component can be exploited to cause the service to crash via a specially crafted packet.

2) A NULL-pointer dereference error within the Acronis True Image Windows Agent component can be exploited to cause the service to crash via a specially crafted packet.

The vulnerabilities are reported in Acronis Group Server version 1.5.19.191 and Acronis True Image Windows Agent version 1.0.0.54 included in Acronis True Image Echo Enterprise Server version 9.5.0.8072. Other versions may also be affected.

Solution:
Restrict network access to the services.

Provided and/or discovered by:
Luigi Auriemma

Original Advisory:
http://aluigi.altervista.org/adv/acrogroup-adv.txt
http://aluigi.altervista.org/adv/acroagent-adv.txt

Acronis Snap Deploy PXE Server TFTP Vulnerabilities
by Marianna Schmudlach / March 10, 2008 4:15 AM PDT

Secunia Advisory: SA29305
Release Date: 2008-03-10


Critical:
Less critical
Impact: Exposure of sensitive information
DoS

Where: From local network

Solution Status: Unpatched


Software: Acronis Snap Deploy 2.x
Acronis Snap Deploy Server 2.x

Description:
Luigi Auriemma has reported some vulnerabilities in Acronis Snap Deploy, which can be exploited by malicious people to disclose sensitive information or cause a DoS (Denial of Service).

1) A NULL-pointer dereference error within the PXE Server (pxesrv.exe) can be exploited to crash the service via a specially crafted TFTP request.

2) An input validation error within the PXE Server can be exploited to download arbitrary files outside the TFTP root via directory traversal attacks.

The vulnerabilities are reported in version 2.0.0.1076. Other versions may also be affected.

Solution:
Restrict network access to the service.

Provided and/or discovered by:
Luigi Auriemma

Original Advisory:
http://aluigi.altervista.org/adv/acropxe-adv.txt

Argon Client Management Services TFTP Server Directory Trave
by Marianna Schmudlach / March 10, 2008 4:17 AM PDT

Secunia Advisory: SA29302
Release Date: 2008-03-10


Critical:
Less critical
Impact: Exposure of system information
Exposure of sensitive information

Where: From local network

Solution Status: Unpatched


Software: Argon Client Management Services (CMS) 1.x



Description:
Luigi Auriemma has discovered a vulnerability in Argon Client Management Services, which can be exploited by malicious people to disclose sensitive information.

The vulnerability is caused due to an input validation error within the TFTP server (TFTPsrvs.exe) in the handling of filenames. This can be exploited to download arbitrary files from an affected system via directory traversal attacks.

The vulnerability is confirmed in Argon Client Management Services version 1.31 (TFTPsrvs.exe version 2.5.3.1). Other versions may also be affected.

Solution:
Restrict network access to the service.

Provided and/or discovered by:
Luigi Auriemma

Original Advisory:
http://aluigi.altervista.org/adv/argonauti-adv.txt

AIX "man" Insecure Program Execution Vulnerability
by Marianna Schmudlach / March 10, 2008 4:18 AM PDT

Secunia Advisory: SA29301
Release Date: 2008-03-10


Critical:
Less critical
Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Patch


OS: AIX 6.x

Description:
A vulnerability has been reported in AIX, which can be exploited by malicious, local users to gain escalated privileges.

The problem is that "man" invokes other binaries without full pathnames. This may be exploited to execute arbitrary code with the privileges of a user running "man" by placing a malicious program in the path.

Solution:
Apply APAR.

AIX 6.1.0:
Apply APAR IZ17177.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ17177

MailEnable SMTP Service EXPN/VRFY Denial of Service
by Marianna Schmudlach / March 10, 2008 4:20 AM PDT

Secunia Advisory: SA29300
Release Date: 2008-03-10


Critical:
Moderately critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


Software: MailEnable Enterprise Edition 1.x
MailEnable Enterprise Edition 2.x
MailEnable Enterprise Edition 3.x
MailEnable Professional 1.x
MailEnable Professional 2.x
MailEnable Professional 3.x
MailEnable Standard 1.x



Description:
A vulnerability has been reported in MailEnable, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error within the SMTP service when handling EXPN or VRFY commands. This can be exploited to cause the service to crash via a specially crafted EXPN or VRFY command.

The vulnerability reportedly affects all versions.

Solution:
Apply hotfix (ME-10039).
http://www.mailenable.com/hotfix/ME-10039.EXE

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.mailenable.com/hotfix/

QuickTicket "id" SQL Injection Vulnerability
by Marianna Schmudlach / March 10, 2008 4:21 AM PDT

Secunia Advisory: SA29299
Release Date: 2008-03-10


Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: QuickTicket 1.x



Description:
croconile has discovered a vulnerability in QuickTicket, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in qti_usr.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving the administrator password hash, but requires knowledge of the database table prefix.

The vulnerability is confirmed in version 1.5.0.3 and reported in version 1.4. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
croconile

Original Advisory:
http://milw0rm.com/exploits/5222

BM Classifieds Two SQL Injection Vulnerabilities
by Marianna Schmudlach / March 10, 2008 4:22 AM PDT

Secunia Advisory: SA29297
Release Date: 2008-03-10


Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: BM Classifieds

Description:
xcorpitx has reported two vulnerabilities in BM Classifieds, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "cat" parameter in showad.php and "ad" in pfriendly.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving usernames, e-mail addresses, and password hashes.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
xcorpitx

Original Advisory:
http://milw0rm.com/exploits/5223

RemotelyAnywhere HTTP Request Accept-Charset Header Denial o
by Marianna Schmudlach / March 10, 2008 4:24 AM PDT

RemotelyAnywhere HTTP Request Accept-Charset Header Denial of Service

Secunia Advisory: SA29296
Release Date: 2008-03-10


Critical:
Less critical
Impact: DoS

Where: From local network

Solution Status: Unpatched


Software: RemotelyAnywhere Server Edition 8.x
RemotelyAnywhere Workstation Edition 8.x

Description:
Luigi Auriemma has reported a vulnerability in RemotelyAnywhere, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a NULL-pointer dereference error within the RemotelyAnywhere.exe service and can be exploited to crash the service via a HTTP request with a specially crafted Accept-Charset header. The service is restarted after a few seconds.

The vulnerability is reported in RemotelyAnywhere Server and Workstation version 8.0.668. Other versions may also be affected.

Solution:
Restrict network access to the service.

Provided and/or discovered by:
Luigi Auriemma

Original Advisory:
http://aluigi.altervista.org/adv/remotelynowhere-adv.txt

Dovecot Authentication Bypass Vulnerability
by Marianna Schmudlach / March 10, 2008 4:25 AM PDT

Secunia Advisory: SA29295
Release Date: 2008-03-10


Critical:
Moderately critical
Impact: Security Bypass

Where: From remote

Solution Status: Vendor Patch


Software: Dovecot 1.x

Description:
A vulnerability has been reported in Dovecot, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an error when processing passwords. This can be exploited to set values for internally processed fields via a specially crafted password containing TAB characters.

Successful exploitation allows logging in without valid user credentials.

The vulnerability is reported in versions prior to 1.0.13 and 1.1.rc3.

NOTE: This affects only blocking passdbs (see vendor advisory for details).

Solution:
Update to version 1.0.13.
http://dovecot.org/download.html

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://dovecot.org/list/dovecot-news/2008-March/000064.html

Sun Solaris ICU Regular Expressions Vulnerabilities
by Marianna Schmudlach / March 10, 2008 4:28 AM PDT

Secunia Advisory: SA29291
Release Date: 2008-03-10


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Sun Solaris 10
Sun Solaris 9

Description:
Sun has acknowledged some vulnerabilities in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the ICU library.

The vulnerabilities have been reported in Solaris 9 and 10 for both the SPARC and the x86 platform.

Solution:
Apply patches.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233922-1

Other References:
SA28575:
http://secunia.com/advisories/28575/

Sun Java Web Console Information Disclosure Security Issue
by Marianna Schmudlach / March 10, 2008 4:30 AM PDT

Secunia Advisory: SA29290
Release Date: 2008-03-10


Critical:
Less critical
Impact: Exposure of system information
Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch


Software: Sun Java Web Console 3.x

Description:
A security issue has been reported in Sun Java Web Console, which can be exploited by malicious people to disclose certain information.

The security issue is caused due to an unspecified error, which can be exploited to determine the existence of files or directories in access restricted directories.

The security issue is reported in Java Web Console 3.0.2, 3.0.3, and 3.0.4. Other versions may also be affected.

NOTE: The Windows platform is reportedly not affected.

Solution:
Apply patches.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-231526-1

Gentoo update for phpmyadmin
by Marianna Schmudlach / March 10, 2008 4:31 AM PDT

Secunia Advisory: SA29287
Release Date: 2008-03-10


Critical:
Less critical
Impact: Manipulation of data

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for phpmyadmin. This fixes a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks.

Solution:
Update to "dev-db/phpmyadmin-2.11.5" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200803-15.xml

Other References:
SA29200:
http://secunia.com/advisories/29200/

Horde "theme" Local File Inclusion Vulnerability
by Marianna Schmudlach / March 10, 2008 4:34 AM PDT

Secunia Advisory: SA29286
Release Date: 2008-03-10


Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information
System access

Where: From remote

Solution Status: Vendor Patch


Software: Horde Application Framework 3.x
Horde Groupware 1.x
Horde Groupware Webmail Edition 1.x

Description:
A vulnerability has been reported in various Horde products, which can be exploited by malicious users to disclose sensitive information and potentially compromise a vulnerable system.

Input passed to the "theme" parameter is not properly sanitised before being used. This can be exploited to include arbitrary files from local resources, using directory traversal attacks and URL-encoded NULL bytes ("%00").

NOTE: Other attack vectors are also reported to exist.

Successful exploitation may allow execution of arbitrary code, but requires valid user credentials.

The vulnerability is confirmed in Horde Application Framework 3.1.6 and also reported in Horde Groupware 1.0.4 and Horde Groupware Webmail Edition 1.0.5. Prior versions may also be affected.

Solution:
Update to Horde Application Framework 3.1.7, Horde Groupware 1.0.5, or Horde Groupware Webmail Edition 1.0.6.

Provided and/or discovered by:
David Collins, Patrick Pelanne, and others from HostGator.com LLC support team

Original Advisory:
Horde:
http://lists.horde.org/archives/announce/2008/000382.html
http://lists.horde.org/archives/announce/2008/000383.html
http://lists.horde.org/archives/announce/2008/000384.html

HostGator:
http://seclists.org/bugtraq/2008/Mar/0074.html

Gentoo update for vlc
by Marianna Schmudlach / March 10, 2008 4:35 AM PDT

Secunia Advisory: SA29284
Release Date: 2008-03-10


Critical:
Highly critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for vlc. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.

Solution:
Update to "media-video/vlc-0.8.6e" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml

Other References:
SA28233:
http://secunia.com/advisories/28233/

SA28383:
http://secunia.com/advisories/28383/

SA29122:
http://secunia.com/advisories/29122/

rPath update for dbus
by Marianna Schmudlach / March 10, 2008 4:37 AM PDT

Secunia Advisory: SA29281
Release Date: 2008-03-10


Critical:
Less critical
Impact: Security Bypass

Where: Local system

Solution Status: Vendor Patch


OS: rPath Linux 1.x

Description:
rPath has issued an update for dbus, dbus-glib, dbus-qt, and dbus-x11. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions.

Solution:
Update to:
dbus=conary.rpath.com@rpl:1/0.50-2.4-1
dbus-glib=conary.rpath.com@rpl:1/0.50-2.4-1
dbus-qt=conary.rpath.com@rpl:1/0.50-2.4-1
dbus-x11=conary.rpath.com@rpl:1/0.50-2.4-1

Original Advisory:
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0099

Other References:
SA29148:
http://secunia.com/advisories/29148/

MailEnable IMAP Service Multiple Vulnerabilities
by Marianna Schmudlach / March 10, 2008 4:38 AM PDT

Secunia Advisory: SA29277
Release Date: 2008-03-10


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Unpatched


Software: MailEnable Enterprise Edition 3.x
MailEnable Professional 3.x

Description:
Luigi Auriemma has discovered some vulnerabilities in MailEnable, which can be exploited by malicious people and malicious users to cause a DoS (Denial of Service) or by malicious users to compromise a vulnerable system.

1) Boundary errors in the IMAP service (MEIMAPS.EXE) when handling arguments passed to the FETCH, EXAMINE, and UNSUBSCRIBE commands can be exploited to cause buffer overflows via overly long arguments.

Successful exploitation allows execution of arbitrary code.

2) Errors in the IMAP service when handling the SEARCH and APPEND commands can be exploited to cause the service to crash.

The vulnerabilities are confirmed in MailEnable Professional version 3.13. Other versions may also be affected.

Solution:
Restrict network access to the IMAP service.

Provided and/or discovered by:
Luigi Auriemma

Original Advisory:
http://aluigi.altervista.org/adv/maildisable-adv.txt

Debian update for moin
by Marianna Schmudlach / March 10, 2008 4:40 AM PDT

Secunia Advisory: SA29262
Release Date: 2008-03-10


Critical:
Highly critical
Impact: Security Bypass
Cross Site Scripting
DoS
System access

Where: From remote

Solution Status: Partial Fix


OS: Debian GNU/Linux 3.1
Debian GNU/Linux 4.0

Description:
Debian has issued an update for moin. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass security restrictions, manipulate certain data, or potentially compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
http://www.us.debian.org/security/2008/dsa-1514

Other References:
SA24138:
http://secunia.com/advisories/24138/

SA29010:
http://secunia.com/advisories/29010/

Beehive Secure File Transfer Appliance "sfoutbox" Hardcoded
by Marianna Schmudlach / March 10, 2008 4:42 AM PDT

Secunia Advisory: SA29197
Release Date: 2008-03-10


Critical:
Moderately critical
Impact: Security Bypass

Where: From remote

Solution Status: Unpatched


OS: Beehive Secure File Transfer Appliance

Description:
Brad Antoniewicz has reported a security issue in Beehive Secure File Transfer Appliance, which potentially can be exploited by malicious people to gain unauthorized access to the FTP server.

The problem is caused due to the appliance including the hardcoded "sfoutbox" FTP account credentials as shown within the "outboxWriteUnsent()" function in the FTPThread.class file within SendFile.jar.

Solution:
Restrict network access to the FTP service.

Provided and/or discovered by:
Brad Antoniewicz

Original Advisory:
http://archives.neohapsis.com/archives/bugtraq/2008-02/0467.html

MicroWorld eScan Server Directory Traversal
by Marianna Schmudlach / March 10, 2008 4:45 AM PDT

Summary
"The Powerful Management Console of eScan provides options for system administrators to remotely administer a vast network of clients. It also allows them to remotely install eScan, deploy upgrades and updates and enforce an Integrated Security Policy for the entire Enterprise." A vulnerability in the way the MicroWorld eScan server works allows remote attackers to cause the product to provide access to files that would be otherwise inaccessible.

Credit:
The information has been provided by Luigi Auriemma.
The original article can be found at: http://aluigi.altervista.org/adv/escaz-adv.txt

http://www.securiteam.com/windowsntfocus/5IP0C00NPS.html

Acronis PXE Server Directory Traversal and NULL Pointer
by Marianna Schmudlach / March 10, 2008 4:46 AM PDT

Summary
The Acronis PXE Server is "an essential component of Acronis Snap Deploy Server, a deployment solution for automatically configuring all the clients of the local network". Vulnerabilities in the PXE server of Acronis allow remote attackers to access files that they would otherwise not have access to as well as cause the product to crash by sending it malformed data.

Credit:
The information has been provided by Luigi Auriemma.
The original article can be found at: http://aluigi.altervista.org/adv/acropxe-adv.txt


http://www.securiteam.com/windowsntfocus/5NP0H00NPS.html

PacketTrap TFTP Server Denial of Service
by Marianna Schmudlach / March 10, 2008 4:47 AM PDT

Acronis True Image Group Server Invalid Memory Access
by Marianna Schmudlach / March 10, 2008 4:49 AM PDT

Summary
Acronis Group Server is a component of Acronis True Image Echo Server (Workstation and Enterprise packages) which "allows the viewing and managing of backup tasks for all systems in the network from the Acronis Management Console". A vulnerability in the way the Acronis True Image Group Server handles network based data allows remote attackers to cause the product to crash.

Credit:
The information has been provided by Luigi Auriemma.
The original article can be found at: http://aluigi.altervista.org/adv/acrogroup-adv.txt


http://www.securiteam.com/windowsntfocus/5MP0G00NPM.html

Panda Internet Security/Antivirus+Firewall 2008 cpoint.sys K
by Marianna Schmudlach / March 10, 2008 4:50 AM PDT

Panda Internet Security/Antivirus+Firewall 2008 cpoint.sys Kernel Driver Memory Corruption

Summary
The kernel driver cpoint.sys shipped with Panda Internet Security and Antivirus+Firewall 2008 contains a vulnerability in the code that handles IOCTL requests. Exploitation of this vulnerability can result in:
1) Local denial of service attacks (system crash due to a kernel panic), or
2) Local execution of arbitrary code at the kernel level (complete system compromise)

The issue can be triggered by sending a specially crafted IOCTL request.

No special user rights are necessary to exploit the vulnerability.

Credit:
The information has been provided by Tobias Klein.
The original article can be found at: http://www.trapkit.de/advisories/TKADV2008-001.txt

http://www.securiteam.com/windowsntfocus/5HP0B00NPK.html

MailEnable Professional/Enterprise Multiple Vulnerabilities
by Marianna Schmudlach / March 10, 2008 4:52 AM PDT

Summary
MailEnable is "a mail server for Windows which supports various protocols like SMTP, POP3, IMAP, webmail and a HTTPMail service". Multiple vulnerabilities have been discovered in the MailEnable product; these vulnerabilities allow attackers to trigger buffer overflows as well as NULL pointer references.

Credit:
The information has been provided by Luigi Auriemma.
The original article can be found at: http://aluigi.altervista.org/adv/maildisable-adv.txt

http://www.securiteam.com/windowsntfocus/5JP0D00NPY.html

NULL pointer in Acronis True Image Windows Agent
by Marianna Schmudlach / March 10, 2008 4:53 AM PDT

Summary
The Acronis Agent is "an essential component of Acronis True Image Echo Server (Workstation and Enterprise packages) and is a server running on the TCP and UDP port 9876 which allows the local and remote management of Acronis TrueImage". A vulnerability in the way the Acronis True Image Windows Agent handles incoming traffic allows remote attackers to cause the service to crash.

The Acronis True Image Windows Agent must not be confused with the Acronis Snap Deploy Management Agent, which uses the same ports but a different protocol and so is not affected by this bug.

Credit:
The information has been provided by Luigi Auriemma.
The original article can be found at: http://aluigi.altervista.org/adv/acroagent-adv.txt


http://www.securiteam.com/windowsntfocus/5LP0F00NPQ.html

Security vulnerability in RealPlayer ActiveX
by Marianna Schmudlach / March 10, 2008 5:02 AM PDT

Security researcher Elazar Broad has discovered a vulnerability in an ActiveX control in RealPlayer, which at least crashes the user's browser and may also allow execution of injected malicious code. For this to occur, users must visit crafted web pages in Internet Explorer.

The bug in the rmoc3260.dll ActiveX component apparently allows attackers to overwrite memory blocks on the heap after they have been freed, and to modify certain registers. According to the advisory, Broad is currently working on a demo.

More: http://www.heise-online.co.uk/security/Security-vulnerability-in-RealPlayer-ActiveX--/news/110276
