Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - March 12, 2008

by Marianna Schmudlach / March 12, 2008 1:30 AM PDT

Debian update for libnet-dns-perl


Secunia Advisory: SA29354
Release Date: 2008-03-12


Critical:
Less critical
Impact: Spoofing
DoS

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 3.1
Debian GNU/Linux 4.0

Description:
Debian has issued an update for libnet-dns-perl. This fixes some vulnerabilities, which can be exploited by malicious people to poison the DNS cache or to cause a DoS (Denial of Service).

Solution:
Apply updated packages.

Original Advisory:
http://lists.debian.org/debian-security-announce/2008/msg00080.html

Other References:
SA25829:
http://secunia.com/advisories/25829/

SA29343:
http://secunia.com/advisories/29343/

Sun Solaris 10 Inter-Process Communication Denial of Service
by Marianna Schmudlach / March 12, 2008 1:32 AM PDT

Secunia Advisory: SA29352
Release Date: 2008-03-12


Critical:
Not critical
Impact: DoS

Where: Local system

Solution Status: Vendor Patch


OS: Sun Solaris 10


Description:
A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error within the Inter-Process Communication message queue sub-system. This can be exploited by a malicious, local user to block a message queue.

The vulnerability affects Solaris 10 for both the SPARC and x86 platforms.

Solution:
Apply vendor patches.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-231403-1

Red Hat Directory Server Insecure Directory Permissions
by Marianna Schmudlach / March 12, 2008 1:34 AM PDT

Secunia Advisory: SA29350
Release Date: 2008-03-12


Critical:
Less critical
Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Patch


Software: Red Hat Directory Server 7.x

Description:
A vulnerability has been reported in Red Hat Directory Server, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to insecure permissions being set for the "/opt/redhat-ds/java/jars" directory. This can be exploited by a malicious, local user to replace ".jar" archives and execute arbitrary code.

The vulnerability is reported in version 7.1 prior to Service Pack 4.

Solution:
The vendor has fixed the vulnerability in Red Hat Directory Server 7.1 Service Pack 4, which is available via Red Hat Network.
http://rhn.redhat.com/

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://rhn.redhat.com/errata/RHSA-2008-0173.html

IBM AIX Multiple Vulnerabilities
by Marianna Schmudlach / March 12, 2008 1:35 AM PDT

Secunia Advisory: SA29349
Release Date: 2008-03-12


Critical:
Less critical
Impact: Security Bypass
Exposure of system information
Exposure of sensitive information
Privilege escalation
DoS

Where: Local system

Solution Status: Vendor Workaround


OS: AIX 5.x
AIX 6.x

Description:
Some vulnerabilities are reported in IBM AIX, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, disclose sensitive information, or to gain escalated privileges.

1) The problem is that a 64-bit process, which is restarted via the checkpoint and restart feature, gains read and write access to certain areas of kernel memory. This can be exploited to execute arbitrary code.

2) An unspecified error can be exploited to crash remote nodes of a concurrent volume group, when a single node reduces the size of a JFS2 filesystem residing on the concurrent volume group.

3) The problem is that the proc filesystem does not enforce directory access controls correctly when the permission on a directory is more restrictive than permission on the currently-executing file in that directory.

4) Unspecified errors in some WPAR specific system calls can potentially be exploited to cause a DoS.

5) An unspecified error can be exploited by a user with privileges to run "ProbeVue" to disclose arbitrary kernel memory.

6) An unspecified error when handling environment variables within the "atmstat", "entstat", "fddistat", "hdlcstat", and "tokstat" commands of the "nddstat" family can be exploited to execute arbitrary code with root privileges.

7) An unspecified error when handling environment variables within the "lsmcode" command can be exploited to execute arbitrary code with root privileges.

The vulnerabilities are reported in AIX 5.2, 5.3, and 6.1.

Solution:
Apply interim fixes or APARs as soon as they become available.
ftp://aix.software.ibm.com/aix/efixes/security/kernel_fix.tar

Original Advisory:
IBM:
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4153
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4154
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4155
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4156
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4157
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4158
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4159
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4160
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4161

Gentoo update for apache
by Marianna Schmudlach / March 12, 2008 1:37 AM PDT

Secunia Advisory: SA29348
Release Date: 2008-03-12


Critical:
Less critical
Impact: Cross Site Scripting
DoS

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for apache. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and by malicious users to cause a DoS (Denial of Service).

Solution:
Update to "www-servers/apache-2.2.8" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200803-19.xml

Other References:
SA27906:
http://secunia.com/advisories/27906/

SA28046:
http://secunia.com/advisories/28046/

IBM AIX "reboot" Buffer Overflow Vulnerability
by Marianna Schmudlach / March 12, 2008 1:39 AM PDT

Secunia Advisory: SA29347
Release Date: 2008-03-12


Critical:
Less critical
Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Workaround


OS: AIX 5.x

Description:
A vulnerability has been reported in IBM AIX, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to a boundary error within the "reboot" command. This can be exploited by users in the "shutdown" group to cause a stack-based buffer overflow and allow execution of arbitrary code with "root" privileges.

The vulnerability is reported in AIX versions 5.2 and 5.3.

Solution:
Apply interim fixes or APARs as soon as they become available.
ftp://aix.software.ibm.com/aix/efixes/security/reboot_fix.tar

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4163
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4164

Internet Explorer FTP Command Injection Vulnerability
by Marianna Schmudlach / March 12, 2008 1:41 AM PDT

Secunia Advisory: SA29346
Release Date: 2008-03-12


Critical:
Less critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 6.x

Description:
Derek Abdine has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct FTP command injection attacks.

The vulnerability is caused due to an input validation error when processing FTP URIs. This can be exploited to inject arbitrary FTP commands in a FTP session using e.g. a specially crafted FTP URI containing CRLF character sequences and trailing slashes.

Successful exploitation requires that a user e.g. is tricked into visiting a malicious website.

The vulnerability is confirmed in version 6.0.2900.2180 and also reported in version 5. Other versions may also be affected.

Solution:
Upgrade to Internet Explorer 7. Do not browse untrusted websites.

Provided and/or discovered by:
Derek Abdine, Rapid7

Original Advisory:
http://www.rapid7.com/advisories/R7-0032.jsp

Perl Net::DNS Module DNS Response Denial of Service
by Marianna Schmudlach / March 12, 2008 1:43 AM PDT

Secunia Advisory: SA29343
Release Date: 2008-03-12


Critical:
Less critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


Software: Net::DNS 0.x (module for Perl)


Description:
Beyond Security has reported a vulnerability in the Net::DNS Perl module, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when processing certain malformed DNS responses. This can be exploited to e.g. crash applications relying on Net::DNS by replying to DNS queries with a specially crafted DNS response.

The vulnerability is reported in version 0.60 build 654. Other versions may also be affected.

Solution:
Update to version 0.63.

Provided and/or discovered by:
Beyond Security

Original Advisory:
https://rt.cpan.org/Public/Bug/Display.html?id=30316
http://search.cpan.org/src/OLAF/Net-DNS-0.63/Changes

HP-UX HP CIFS Server Multiple Vulnerabilities
by Marianna Schmudlach / March 12, 2008 1:45 AM PDT

Secunia Advisory: SA29341
Release Date: 2008-03-12


Critical:
Moderately critical
Impact: System access

Where: From local network

Solution Status: Vendor Patch


OS: HP-UX 11.x

Description:
HP has acknowledged some vulnerabilities in HP-UX, which can be exploited by malicious people to compromise a vulnerable system.

Solution:
Apply updated packages.

HP-UX B.11.11, B.11.23, and B.11.31:
Install HP CIFS Server revision A.02.03.03 or subsequent.
http://www.hp.com/go/softwaredepot/

Original Advisory:
HPSBUX02316 SSRT071495:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01377687

Other References:
SA27450:
http://secunia.com/advisories/27450/

SA27760:
http://secunia.com/advisories/27760/

Red Hat update for java-1.4.2-bea
by Marianna Schmudlach / March 12, 2008 1:47 AM PDT

Secunia Advisory: SA29340
Release Date: 2008-03-12


Critical:
Highly critical
Impact: Security Bypass
Manipulation of data
Exposure of system information
Exposure of sensitive information
DoS
System access

Where: From remote

Solution Status: Vendor Patch


Software: Red Hat Enterprise Linux Extras v. 3
Red Hat Enterprise Linux Extras v. 4
RHEL Desktop Supplementary (v. 5 client)
RHEL Supplementary (v. 5 server)

Description:
Red Hat has issued an update for java-1.4.2-bea. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive/system information, cause a DoS (Denial of Service), manipulate data, or compromise a vulnerable system.

Solution:
Updated packages are available in Red Hat Network.
http://rhn.redhat.com

Original Advisory:
https://rhn.redhat.com/errata/RHSA-2008-0100.html

Other References:
SA26631:
http://secunia.com/advisories/26631/

SA27009:
http://secunia.com/advisories/27009/

Bloo Multiple SQL Injection Vulnerabilities
by Marianna Schmudlach / March 12, 2008 1:57 AM PDT

Secunia Advisory: SA29338
Release Date: 2008-03-12


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: Bloo 1.x

Description:
MhZ91 has reported some vulnerabilities in Bloo, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "post_id", "post_category_id", "post_year_month", and "static_page_id" parameters in index.php is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities are reported in version 1.00. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
MhZ91

Original Advisory:
http://www.milw0rm.com/exploits/5234

IBM WebSphere Application Server Multiple Vulnerabilities
by Marianna Schmudlach / March 12, 2008 1:59 AM PDT

Secunia Advisory: SA29335
Release Date: 2008-03-12


Critical:
Moderately critical
Impact: Unknown
Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch


Software: IBM WebSphere Application Server 6.1.x

Description:
Some vulnerabilities and security issues have been reported in IBM WebSphere Application Server, some of which have unknown impacts while others can potentially be exploited by malicious, local users to gain knowledge of sensitive information.

1) An unspecified error exists in wsadmin within the Administrative Scripting Tools component. No further information is currently available.

2) An unspecified error exists within the PropFilePasswordEncoder utility. No further information is currently available.

3) The problem is that certain sensitive information is stored in clear text within the http_plugin.log file (Plug-in component) and startserver.log (System Management/Repository component).

Solution:
Apply Fix Pack 15 (6.1.0.15).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM (PK45726, PK48785, PK52709, PK53198):
http://www-1.ibm.com/support/docview.wss?uid=swg27007951

Gentoo update for icu
by Marianna Schmudlach / March 12, 2008 2:00 AM PDT

Secunia Advisory: SA29333
Release Date: 2008-03-12


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for icu. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

For more information:
SA28575

Solution:
Update to "dev-libs/icu-3.8.1-r1" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200803-20.xml

Other References:
SA28575:
http://secunia.com/advisories/28575/

Adobe ColdFusion Multiple Vulnerabilities
by Marianna Schmudlach / March 12, 2008 2:01 AM PDT

Secunia Advisory: SA29332
Release Date: 2008-03-12


Critical:
Less critical
Impact: Security Bypass
Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: Adobe ColdFusion 8.x
Adobe ColdFusion MX 7.x

Description:
Some vulnerabilities and a weakness have been reported in Adobe ColdFusion, which can be exploited by malicious people to bypass certain security restrictions and to conduct cross-site scripting attacks.

1) Input passed via CGI variables is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

NOTE: This affects only ColdFusion with Windows IIS 6 installations.

2) An unspecified error can be exploited to bypass the cross-site scripting protection for certain ColdFusion applications, where "Application.cfm" or "Application.cfc" contains the setEncoding function.

3) A weakness is caused due to failed log-in attempts to the admin interface not being logged.

Solution:
-- ColdFusion 8 --

Apply ColdFusion 8 Cumulative Hot Fix 3.
http://www.adobe.com/go/kb403070

Apply Hotfix File (see vendor advisory for details).
http://www.adobe.com/support/security/bulletins/apsb08-08.html

-- ColdFusion MX 7 --

Apply the hotfixes (see vendor advisory for details).
http://www.adobe.com/go/kb403212
http://www.adobe.com/go/kb403202
http://www.adobe.com/support/security/bulletins/apsb08-08.html

Provided and/or discovered by:
1) The vendor credits Millennium Communications, Inc.
2) The vendor credits Shigeyoshi Muraoka, IT Frontier Corporation.

Original Advisory:
http://www.adobe.com/support/security/bulletins/apsb08-06.html
http://www.adobe.com/support/security/bulletins/apsb08-07.html
http://www.adobe.com/support/security/bulletins/apsb08-08.html

Adobe LiveCycle Workflow Web Management Login Cross-Site Scr
by Marianna Schmudlach / March 12, 2008 2:03 AM PDT

Adobe LiveCycle Workflow Web Management Login Cross-Site Scripting Vulnerability


Secunia Advisory: SA29331
Release Date: 2008-03-12


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: Adobe LiveCycle Workflow 6.x

Description:
Dave Lewis has reported a vulnerability in Adobe LiveCycle Workflow, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the URL of the web management login page is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability affects version 6.2.

Solution:
Contact Adobe Customer support for the patch.
http://www.adobe.com/go/supportportal

Provided and/or discovered by:
Dave Lewis

Original Advisory:
APSB08-10:
http://www.adobe.com/support/security/bulletins/apsb08-10.html

LSD002-2008:
http://www.liquidmatrix.org/blog/2008...livecycle-workflow-xss-vulnerability/

Adobe Form Designer/Form Client Buffer Overflow Vulnerabilit
by Marianna Schmudlach / March 12, 2008 2:04 AM PDT

Secunia Advisory: SA29330
Release Date: 2008-03-12


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


Software: Adobe Form Client 5.x
Adobe Form Designer 5.x

Description:
Some vulnerabilities have been reported in Adobe Form Designer and Form Client, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to boundary errors within multiple ActiveX controls (FileDlg.dll, SvrCopy.dll) and can be exploited to cause buffer overflows when a user e.g. is tricked into visiting a malicious website.

Successful exploitation allows execution of arbitrary code.

The vulnerabilities affect Adobe Form Designer 5.0 and Adobe Form Client 5.0.

Solution:
Apply patch.
http://www.adobe.com/support/products...port_knowledge_center_formclient.html

Provided and/or discovered by:
Will Dormann of CERT/CC.

QuickTalk forum "id" SQL Injection Vulnerability
by Marianna Schmudlach / March 12, 2008 2:05 AM PDT

Secunia Advisory: SA29288
Release Date: 2008-03-12


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: QuickTalk forum 1.x

Description:
t0pP8uZz & xprog have discovered a vulnerability in QuickTalk forum, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in qtf_ind_search_ov.php (when "a" is set to "user") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 1.6. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
t0pP8uZz & xprog

Original Advisory:
http://milw0rm.com/exploits/5240

Timbuktu Pro Multiple Vulnerabilities
by Marianna Schmudlach / March 12, 2008 2:07 AM PDT
Adobe LiveCycle Workflow XSS Vulnerability
by Marianna Schmudlach / March 12, 2008 2:08 AM PDT
Mapbender Command Execution
by Marianna Schmudlach / March 12, 2008 2:09 AM PDT

Summary
"Mapbender is the software and portal site for geodata management of OGC OWS architectures. The software provides web technology for managing spatial data services implemented in PHP, JavaScript and XML. It provides a data model and interfaces for displaying, navigating and querying OGC compliant map services. The Mapbender framework furthermore provides authentication and authorization services, OWS proxy functionality, management interfaces for user, group and service administration in WebGIS projects." During a penetration test RedTeam Pentesting discovered a remote command execution vulnerability in Mapbender. An unauthorized user can create arbitrary PHP-files on the Mapbender webserver, which can later be executed.

Credit:
The information has been provided by RedTeam Pentesting GmbH.
The original article can be found at: http://www.redteam-pentesting.de/advisories/rt-sa-2008-001.php

http://www.securiteam.com/unixfocus/5MP0F0KNPO.html

SAP MaxDB sdbstarter Privilege Escalation Vulnerability
by Marianna Schmudlach / March 12, 2008 2:11 AM PDT

Summary
SAP's MaxDB is "a database software product. MaxDB was released as open source from version 7.5 up to version 7.6.00. Later versions are no longer open source but are available for download from the SAP SDN website (sdn.sap.com) as a community edition with free community support for public use beyond the scope of SAP applications. The "sdbstarter" program is set-uid root and installed by default". Local exploitation of a design error in the "sdbstarter" program, as distributed with SAP AG's MaxDB, could allow attackers to elevate privileges to root.

Credit:
The information has been provided by iDefense Labs.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=670

http://www.securiteam.com/unixfocus/5NP0F0KNQU.html

SAP MaxDB Signedness Error Heap Corruption Vulnerability
by Marianna Schmudlach / March 12, 2008 2:12 AM PDT

Summary
SAP's MaxDB is "a database software product. MaxDB was released as open source from version 7.5 up to version 7.6.00. Later versions are no longer open source but are available for download from the SAP SDN website (sdn.sap.com) as a community edition with free community support for public use beyond the scope of SAP applications. The "vserver" program is responsible for accepting and handling communication with remote database clients". Remote exploitation of a signedness error in the "vserver" component of SAP AG's MaxDB could allow attackers to execute arbitrary code.

Credit:
The information has been provided by iDefense Labs.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=669

http://www.securiteam.com/unixfocus/5OP0G0KNQQ.html

Mapbender SQL Injections
by Marianna Schmudlach / March 12, 2008 2:13 AM PDT

Summary
"Mapbender is the software and portal site for geodata management of OGC OWS architectures. The software provides web technology for managing spatial data services implemented in PHP, JavaScript and XML. It provides a data model and interfaces for displaying, navigating and querying OGC compliant map services. The Mapbender framework furthermore provides authentication and authorization services, OWS proxy functionality, management interfaces for user, group and service administration in WebGIS projects."

Due to the lack of input validation, an attacker is able to inject SQL-commands in many PHP scripts of Mapbender.

Credit:
The information has been provided by RedTeam Pentesting GmbH.
The original article can be found at: http://www.redteam-pentesting.de/advisories/rt-sa-2008-002.php


http://www.securiteam.com/unixfocus/5LP0E0KNPE.html

ASG-Sentry Multiple Vulnerabilities
by Marianna Schmudlach / March 12, 2008 2:14 AM PDT

Summary
"The ASG-Sentry family of products is a suite of tools strategically engineered to control, monitor, manage, and enhance your network. Sentry's tools provide you with full visibility to your network from any Web browser. Sentry also allows you to fully instrument your company's applications, CPUs, disk space, memory, files, Windows and UNIX platforms, and more." Multiple vulnerabilities have been discovered in ASG-Sentry, these vulnerabilities allow remote attackers to cause the product to delete arbitrary files, cause the product to crash and overflow an internal buffer allowing the execution of arbitrary code.

Credit:
The information has been provided by Luigi Auriemma.
The original article can be found at: http://aluigi.altervista.org/adv/asgulo-adv.txt

http://www.securiteam.com/securitynews/5OP0H0KNPY.html

BEA WebLogic Server Console HTML Injection
by Marianna Schmudlach / March 12, 2008 2:15 AM PDT

Summary
There is an HTML Injection vulnerability in WebLogic Server 10 Administration Console that allows the attacker to gain administrative access to the server. It is possible to craft such a URL that will, when requested from the server, return a document with arbitrarily chosen HTML injected. An obvious use for this type of vulnerability is cross-site scripting that can be used, among other things, for obtaining session cookies from WebLogic administrators. These cookies, when stolen, provide the attacker with administrative access to WebLogic Administration Console, compromising the security of the entire web server.

This vulnerability is exploitable even if the Administration Console is only being accessed via HTTPS, and even if the Administrative Port is enabled.

Credit:
The information has been provided by ACROS Security.
The original article can be found at: http://www.acrossecurity.com/aspr/ASPR-2008-03-11-1-PUB.txt

http://www.securiteam.com/securitynews/5RP0J0KNQW.html

Vulnerability in Microsoft Outlook Allows Code Execution (MS
by Marianna Schmudlach / March 12, 2008 2:57 AM PDT

Vulnerability in Microsoft Outlook Allows Code Execution (MS08-015)

Summary
This security update resolves a privately reported vulnerability in Microsoft Office Outlook. The vulnerability could allow remote code execution if Outlook is passed a specially crafted mailto URI. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This vulnerability is not exploitable by simply viewing an e-mail through the Outlook preview pane.

This security update is rated Critical for supported editions of Microsoft Office Outlook 2000 Service Pack 3, Outlook 2002 Service Pack 3, Outlook 2003 Service Pack 2 and Service Pack 3, and Outlook 2007. For more information, see the subsection, Affected and Non-Affected Software, in this section.

Credit:
The information has been provided by Microsoft Product Security.
The original article can be found at: http://www.microsoft.com/technet/security/bulletin/MS08-015.mspx

http://www.securiteam.com/windowsntfocus/5KP0C0KNQK.html

Microsoft Excel 2003 Malformed Formula Memory Corruption Vul
by Marianna Schmudlach / March 12, 2008 2:58 AM PDT

Microsoft Excel 2003 Malformed Formula Memory Corruption Vulnerability

Summary
Microsoft Excel is "the spreadsheet application that is included with Microsoft Corp's Office productivity software suite". Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel 2003 could allow attackers to execute arbitrary code in the context of the currently logged on user.

Credit:
The information has been provided by iDefense Labs.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=672

http://www.securiteam.com/windowsntfocus/5JP0C0KNPS.html

Microsoft Excel BIFF File Format Cell Record Parsing Memory
by Marianna Schmudlach / March 12, 2008 2:59 AM PDT

Microsoft Excel BIFF File Format Cell Record Parsing Memory Corruption Vulnerability

Summary
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file.

Credit:
The information has been provided by The Zero Day Initiative (ZDI).
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-08-008/

http://www.securiteam.com/windowsntfocus/5LP0D0KNQU.html

Microsoft Excel DVAL Heap Corruption Vulnerability
by Marianna Schmudlach / March 12, 2008 3:01 AM PDT

Summary
Microsoft Excel is "the spreadsheet application that is included with Microsoft Corp's Office productivity software suite". Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Excel spreadsheet application allows attackers to execute arbitrary code in the context of the user who started Excel.

Credit:
The information has been provided by iDefense Labs.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=671


http://www.securiteam.com/windowsntfocus/5KP0D0KNPA.html

Vulnerabilities in Microsoft Office Web Components Allows Co
by Marianna Schmudlach / March 12, 2008 3:02 AM PDT

Vulnerabilities in Microsoft Office Web Components Allows Code Execution (MS08-017)

Summary
This critical update resolves two privately reported vulnerabilities in Microsoft Office Web Components. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This is a critical security update for implementations of Microsoft Office Web Components 2000 on supported editions of Microsoft Office 2000 Service Pack 3, Microsoft Office XP Service Pack 3, Visual Studio .NET 2002 Service Pack 1, Visual Studio .NET 2003 Service Pack 1, Microsoft BizTalk Server 2000 and Microsoft BizTalk Server 2002, Microsoft Commerce Server 2000, and Internet Security and Acceleration Server 2000 Service Pack 2. For more information, see the subsection, Affected and Non-Affected Software, in this section.

Credit:
The information has been provided by Microsoft Product Security.
The original article can be found at: http://www.microsoft.com/technet/security/bulletin/MS08-017.mspx


http://www.securiteam.com/windowsntfocus/5JP0A0KNRU.html

No smoke without Firewire
by Marianna Schmudlach / March 12, 2008 3:10 AM PDT

In a recent programme on ITRadio.com.au, host Patrick Gray interviewed Kiwi security researcher Adam Boileau about his software called Winlockpwn. This software allows you to unlock Windows computers using what Gray describes succinctly as "Firewire trickery". Boileau was pretty careful in the interview to explain that this can be considered an expected side-effect of having a live Firewire port on an unattended computer, Windows or not. Nevertheless, the story has grown in some quarters to suggest that this is an unpatched, unsolved vulnerability which needs immediate and special attention.

More: http://www.sophos.com/security/blog/2008/03/1173.html
