Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - March 13, 2008

by Marianna Schmudlach / March 13, 2008 2:03 AM PDT

Fedora update for roundup


Secunia Advisory: SA29375
Release Date: 2008-03-13


Critical:
Moderately critical
Impact: Unknown
Security Bypass

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 7
Fedora 8

Description:
Fedora has issued an update for roundup. This fixes some vulnerabilities with unknown impacts, and a security issue, which can be exploited by malicious users to bypass certain security restrictions.

Solution:
Apply updated packages via the yum utility ("yum update roundup").

Original Advisory:
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html

Other References:
SA29336:
http://secunia.com/advisories/29336/

Discussion is locked
You are posting a reply to: VULNERABILITIES \ FIXES - March 13, 2008
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VULNERABILITIES \ FIXES - March 13, 2008
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Fedora update for horde
by Marianna Schmudlach / March 13, 2008 2:04 AM PDT

Secunia Advisory: SA29374
Release Date: 2008-03-13


Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information
System access

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 7
Fedora 8

Description:
Fedora has issued an update for horde. This fixes a vulnerability, which can be exploited by malicious users to to disclose sensitive information and potentially compromise a vulnerable system.

Solution:
Apply updated packages using the yum utility ("yum update horde").

Original Advisory:
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html

Other References:
SA29286:
http://secunia.com/advisories/29286/

Collapse -
EasyCalendar SQL Injection and Cross-Site Scripting
by Marianna Schmudlach / March 13, 2008 2:05 AM PDT

Secunia Advisory: SA29373
Release Date: 2008-03-13


Critical:
Moderately critical
Impact: Cross Site Scripting
Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: EasyCalendar 4.x

Description:
JosS has discovered some vulnerabilities in EasyCalendar, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

1) Input passed to the "year" parameter in plugins/calendar/calendar_backend.php and "page" in ajaxp_backend.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Input passed to the "day" parameter in plugins/calendar/calendar_backend.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are confirmed in version 4.0tr. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
JosS

Original Advisory:
http://milw0rm.com/exploits/5246

Collapse -
EasyGallery SQL Injection and Cross-Site Scripting
by Marianna Schmudlach / March 13, 2008 2:06 AM PDT

Secunia Advisory: SA29372
Release Date: 2008-03-13


Critical:
Moderately critical
Impact: Cross Site Scripting
Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: MyioSoft EasyGallery 5.x

Description:
JosS has discovered some vulnerabilities in EasyGallery, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

1) Input passed to the "catid" parameter in staticpages/easygallery/index.php (when "page" is set to "category") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Input passed to the "q" parameter (when "help" is set) and the URL in staticpages/easygallery/index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are confirmed in version 5.00tr. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
JosS

Original Advisory:
http://milw0rm.com/exploits/5247

Collapse -
UnixWare update for openssh
by Marianna Schmudlach / March 13, 2008 2:08 AM PDT

Secunia Advisory: SA29371
Release Date: 2008-03-13


Critical:
Moderately critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


OS: UnixWare 7.x.x



Description:
SCO has issued an update for openssh. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply updated packages.

UnixWare 7.1.4:
ftp://ftp.sco.com/pub/unixware7/714/security/p534336/p534336.image

UnixWare 7.1.3:
ftp://ftp.sco.com/pub/unixware7/713/security/p534336_713/p534336.image

Original Advisory:
ftp://ftp.sco.com/pub/unixware7/714/security/p534336/p534336.txt

Other References:
SA22091:
http://secunia.com/advisories/22091/

Collapse -
UnixWare "pkgadd" Directory Traversal Vulnerability
by Marianna Schmudlach / March 13, 2008 2:09 AM PDT

Secunia Advisory: SA29370
Release Date: 2008-03-13


Critical:
Less critical
Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Patch


OS: UnixWare 7.x.x

Description:
A vulnerability has been reported in UnixWare, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to an input validation error in the pkgadd utility, which can be exploited via directory traversal attacks.

Successful exploitation allows execution of arbitrary code with root privileges.

The vulnerability is reported in UnixWare 7.1.4.

Solution:
Apply updated package.

UnixWare 7.1.4:
ftp://ftp.sco.com/pub/unixware7/714/security/p534589/p534589.image

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
ftp://ftp.sco.com/pub/unixware7/714/security/p534589/p534589.txt

Collapse -
Sun Solaris JDS XscreenSaver Authentication Bypass
by Marianna Schmudlach / March 13, 2008 2:11 AM PDT

Secunia Advisory: SA29368
Release Date: 2008-03-13


Critical:
Not critical
Impact: Security Bypass

Where: Local system

Solution Status: Vendor Patch


OS: Sun Solaris 10



Software: Sun Java Desktop System (JDS) Release 2

Description:
A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an unspecified error in XscreenSaver in the Solaris 10 Java Desktop System (JDS) when the GNOME On-Screen Keyboard (GOK) is being used. This can be exploited to bypass authentication to the XscreenSaver process.

The vulnerability is reported in Solaris 10 for both the SPARC and x86 platform.

Solution:
-- SPARC Platform --

Solaris 10:
Apply patch 120094-16 or later.
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-120094-16-1

-- x86 Platform --

Solaris 10:
Apply patch 120095-16 or later.
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-120095-16-1

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-234661-1

Collapse -
rPath update for dovecot
by Marianna Schmudlach / March 13, 2008 2:12 AM PDT

Secunia Advisory: SA29364
Release Date: 2008-03-13


Critical:
Moderately critical
Impact: Security Bypass

Where: From remote

Solution Status: Vendor Patch


OS: rPath Linux 1.x



Description:
rPath has issued an update for dovecot. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

Solution:
Update to:
dovecot=conary.rpath.com@rpl:1/1.0.13-0.1-1

Original Advisory:
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0108

Other References:
SA29295:
http://secunia.com/advisories/29295/

Collapse -
eXV2 bamaGalerie "cid" SQL Injection Vulnerability
by Marianna Schmudlach / March 13, 2008 2:13 AM PDT

Secunia Advisory: SA29362
Release Date: 2008-03-13


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: eXV2 2.x

Description:
A vulnerability has been discovered in eXV2, which can be exploited by malicious people to conduct SQL injection attacks.

The vulnerability is caused due to the use of a vulnerable bamaGalerie module.

The vulnerability is confirmed in eXV2 version 2.0.6. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Grant only trusted users access to the affected module.

Other References:
SA29359
http://secunia.com/advisories/29359/

Collapse -
IBM WebSphere MQ for HP NonStop Missing Authentication
by Marianna Schmudlach / March 13, 2008 2:15 AM PDT

Secunia Advisory: SA29360
Release Date: 2008-03-13


Critical:
Less critical
Impact: Security Bypass
Manipulation of data

Where: Local system

Solution Status: Vendor Patch


Software: IBM WebSphere MQ 5.x

Description:
A security issue has been reported in IBM WebSphere MQ for HP NonStop, which can be exploited by malicious, local users to bypass certain security restrictions or manipulate certain data.

The problem is that it is possible for users who are not members of the "mqm" group to e.g. use "runmsqc" to start or stop channels or perform other administrative tasks.

The security issue is reported in versions prior to 5.3.

Solution:
Update to the latest versions.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www-1.ibm.com/support/docview.wss?uid=swg21297035

Collapse -
eXV2 Bama Galerie Module "cid" SQL Injection
by Marianna Schmudlach / March 13, 2008 2:16 AM PDT

Secunia Advisory: SA29359
Release Date: 2008-03-13


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: Bama Galerie 3.x (module for eXV2)

Description:
S@BUN has discovered a vulnerability in the Bama Galerie module for eXV2, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "cid" parameter in viewcat.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation requires access to the gallery module.

The vulnerability is confirmed in version 3.041 and reported in version 3.03. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Grant only trusted users access to the affected module.

Provided and/or discovered by:
S@BUN

Original Advisory:
http://milw0rm.com/exploits/5244

Collapse -
XOOPS Tutorials Module "tid" SQL Injection
by Marianna Schmudlach / March 13, 2008 2:17 AM PDT

Secunia Advisory: SA29358
Release Date: 2008-03-13


Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: Tutorials 2.x (module for XOOPS)

Description:
S@BUN has discovered a vulnerability in the Tutorials module for XOOPS, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "tid" parameter in printpage.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving administrator usernames and password hashes, but requires knowledge of the database table prefix.

The vulnerability is confirmed in version 2.1b. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
S@BUN

Original Advisory:
http://milw0rm.com/exploits/5245

Collapse -
Fedora update for ruby
by Marianna Schmudlach / March 13, 2008 2:19 AM PDT

Secunia Advisory: SA29357
Release Date: 2008-03-13


Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 7
Fedora 8

Description:
Fedora has issued an update for ruby. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information.

Solution:
Apply updated packages via the yum utility ("yum update ruby").

Original Advisory:
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00354.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00338.html

Other References:
SA29232:
http://secunia.com/advisories/29232/

Collapse -
Polymita BPM-Suite / CollagePortal Cross-Site Scripting Vuln
by Marianna Schmudlach / March 13, 2008 2:20 AM PDT

Secunia Advisory: SA29355
Release Date: 2008-03-13


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: Polymita BPM-Suite
Polymita CollagePortal

Description:
Russ McRee has reported some vulnerabilities in Polymita BPM-Suite and CollagePortal, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "_q" and "lucene_index_field_value" parameters when performing a search is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Solution:
Filter malicious characters and character sequences in a web proxy.

Provided and/or discovered by:
Russ McRee

Collapse -
Cisco User-Changeable Password Multiple Vulnerabilities
by Marianna Schmudlach / March 13, 2008 2:21 AM PDT

Secunia Advisory: SA29351
Release Date: 2008-03-13


Critical:
Highly critical
Impact: Cross Site Scripting
DoS
System access

Where: From remote

Solution Status: Vendor Patch


Software: Cisco User-Changeable Password 4.x

Description:
Some vulnerabilities have been reported in Cisco User-Changeable Password (UCP), which can be exploited by malicious people to conduct cross-site scripting attacks or potentially to compromise a vulnerable system.

1) Multiple boundary errors exist within the UCP CGI script ("CSuserGCI.exe") when processing the "Logout", "Main", and "ChangePass" arguments. These can be exploited to cause buffer overflows via overly long subsequent arguments.

NOTE: Other arguments may also be affected.

Successful exploitation may allow execution of arbitrary code.

2) Input passed via the "Help" parameter to the UCP CGI script ("CSuserCGI.exe") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in versions prior to 4.2.

Solution:
Update to version 4.2.

Provided and/or discovered by:
Felix 'FX' Lindner, Recurity Labs GmbH.

Original Advisory:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20080312-ucp.shtml

Recurity Labs:
http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt

Collapse -
Fully Modded phpBB "k" SQL Injection Vulnerability
by Marianna Schmudlach / March 13, 2008 2:23 AM PDT

Secunia Advisory: SA29339
Release Date: 2008-03-13


Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: Fully Modded phpBB

Description:
TurkishWarriorr has discovered a vulnerability in Fully Modded phpBB, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "k" parameter in kb.php (when "mode" is set to "article" and "page_num" is set) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving administrator usernames and password hashes, but requires knowledge of the database table prefix.

The vulnerability is confirmed in version 80220. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
TurkishWarriorr

Original Advisory:
http://milw0rm.com/exploits/5243

Collapse -
McAfee ePolicy Orchestrator Framework Service Format String
by Marianna Schmudlach / March 13, 2008 2:24 AM PDT

McAfee ePolicy Orchestrator Framework Service Format String Vulnerability

Secunia Advisory: SA29337
Release Date: 2008-03-13


Critical:
Moderately critical
Impact: DoS
System access

Where: From local network

Solution Status: Unpatched


Software: McAfee ePolicy Orchestrator 4.x

Description:
Luigi Auriemma has discovered a vulnerability in McAfee ePolicy Orchestrator, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

The vulnerability is caused due to a format string error within the McAfee Framework Service (FrameworkService.exe) and can be exploited via specially crafted packets containing format string specifiers sent to default port 8082/UDP.

Successful exploitation crashes the McAfee Framework Service and may allow execution of arbitrary code.

The vulnerability is confirmed in McAfee ePolicy Orchestrator version 4.0.0 (build 1015) and including FrameworkService.exe version 3.6.0.569. Other versions may also be affected.

Solution:
Restrict network access to the service.

Provided and/or discovered by:
Luigi Auriemma

Original Advisory:
http://aluigi.altervista.org/adv/meccaffi-adv.txt

Collapse -
Roundup Multiple Vulnerabilities
by Marianna Schmudlach / March 13, 2008 2:26 AM PDT

Secunia Advisory: SA29336
Release Date: 2008-03-13


Critical:
Moderately critical
Impact: Unknown
Security Bypass

Where: From remote

Solution Status: Vendor Workaround


Software: Roundup 1.x

Description:
Multiple vulnerabilities and a security issue have been reported in Roundup, some of which have unknown impacts, while others can be exploited by malicious users to bypass certain security restrictions.

1) An error exists in the xml-rpc server when enforcing restrictions set on properties. This can be exploited to edit or view restricted properties via the "list", "display", and "set" methods.

The security issue is reported in version 1.4.4. Other versions may also be affected.

2) Multiple vulnerabilities are caused due to an unspecified errors. No further information is currently available.

The vulnerabilities are reported in versions prior to 1.4.4.

Solution:
Update to version 1.4.4, which fixes vulnerability #2.

Vulnerability #1 is fixed in the CVS repository.

Restrict access to trusted users only.

Provided and/or discovered by:
1) Reported by Philipp Gortan in a Roundup bug report.
2) The vendor credits Roland Meister.

Original Advisory:
http://sourceforge.net/tracker/index....11&group_id=31577&atid=402788
http://roundup.cvs.sourceforge.net/ro.../vnd.viewcvs-markup&revision=HEAD

Collapse -
Mapbender SQL and PHP Code Injection
by Marianna Schmudlach / March 13, 2008 2:27 AM PDT

Secunia Advisory: SA29329
Release Date: 2008-03-13


Critical:
Highly critical
Impact: Manipulation of data
System access

Where: From remote

Solution Status: Vendor Workaround


Software: Mapbender 2.x



Description:
RedTeam Pentesting has reported some vulnerabilities in Mapbender, which can be exploited by malicious people to conduct SQL injection attacks or potentially compromise a vulnerable system.

1) Input passed to various parameters in various files (e.g. "gaz" parameter in http/php/mod_gazetteer_edit.php) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Input passed to the "factor" parameter in tools/mapFiler.php is not properly sanitised before being stored. This can be exploited to execute arbitrary PHP code by passing specially crafted values to the affected script.

The vulnerabilities are reported in version 2.4.4. Other versions may also be affected.

Solution:
Reportedly fixed in version 2.4.5 rc1

Provided and/or discovered by:
RedTeam Pentesting

Original Advisory:
http://www.redteam-pentesting.de/advisories/rt-sa-2008-002.php?lang=en
http://www.redteam-pentesting.de/advisories/rt-sa-2008-001.php?lang=en

Collapse -
StoreFront "CategoryId" SQL Injection Vulnerability
by Marianna Schmudlach / March 13, 2008 2:28 AM PDT

Secunia Advisory: SA29326
Release Date: 2008-03-13


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Vendor Patch


Software: StoreFront 6.x

Description:
Nick Merritt has reported a vulnerability in StoreFront, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "CategoryId" parameter in SearchResults.aspx is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Update to version 6 Service Pack 8.
http://support.storefront.net/storefront6/kbase/kbview.aspx?kbID=454

Provided and/or discovered by:
Nick Merrit

Collapse -
rPath update for lighttpd
by Marianna Schmudlach / March 13, 2008 2:30 AM PDT

Secunia Advisory: SA29318
Release Date: 2008-03-13


Critical:
Less critical
Impact: Exposure of system information
Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch


OS: rPath Linux 1.x

Description:
rPath has issued an update for lighttpd. This fixes some security issues, which can be exploited by malicious people to disclose potentially sensitive information.

Solution:
Update to:
lighttpd=conary.rpath.com@rpl:1/1.4.18-0.4-1

Original Advisory:
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0106

Other References:
SA29235:
http://secunia.com/advisories/29235/

Collapse -
Gentoo update for sarg
by Marianna Schmudlach / March 13, 2008 2:31 AM PDT

Secunia Advisory: SA29309
Release Date: 2008-03-13


Critical:
Highly critical
Impact: Cross Site Scripting
System access

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for sarg. This fixes some vulnerabilities, which can be exploited by malicious people to conduct script insertion attacks or to compromise a vulnerable system.

Solution:
Update to "net-analyzer/sarg-2.2.5" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200803-21.xml

Other References:
SA28668:
http://secunia.com/advisories/28668/

Collapse -
Fedora update for dovecot
by Marianna Schmudlach / March 13, 2008 2:32 AM PDT

Secunia Advisory: SA29226
Release Date: 2008-03-13


Critical:
Moderately critical
Impact: Security Bypass

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 7
Fedora 8

Description:
Fedora has issued an update for dovecot. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

Solution:
Apply updated packages via the yum utility ("yum update dovecot").

Original Advisory:
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00381.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00358.html

Other References:
SA29295:
http://secunia.com/advisories/29295/

Collapse -
Cisco patches holes in Secure Access Control Server
by Marianna Schmudlach / March 13, 2008 2:35 AM PDT

Network appliance vendor Cisco has released an update to remedy a vulnerability in its Secure Access Control Server (ACS) that allowed attackers to inject malicious code remotely. The new version also closes a cross-site scripting hole.

The ACS is based on a collection of CGI programs for Microsoft's Internet Information Server 6.0. It allows users to change their passwords via a web browser that has access to the Windows User-Changeable Password (UCP) component. Users first have to enter their current logon credentials before changes can be made.

More: http://www.heise-online.co.uk/security/Cisco-patches-holes-in-Secure-Access-Control-Server--/news/110312

Collapse -
Adobe goes on patching spree
by Marianna Schmudlach / March 13, 2008 2:36 AM PDT

In addition to an update for the Adobe Reader for Unix, Adobe has also published patches for holes in Form Designer, Form Client, ColdFusion, and LiveCycle Workflow.

In Form Designer and Form Client, the update remedies critical flaws that allowed attackers to inject malicious code by means of manipulated websites. The libraries FileDlg.dll and SvrCopy.dll provide ActiveX components in which buffer overflows can occur. US-CERT recommends setting the kill bit for the ClassIDs {00A2A192-4929-11D1-BA6C-080009D7FAD2} and {D10E546F-3AF9-11D1-BA6C-080009D7FAD2} if you do not want to switch off ActiveX in Internet Explorer entirely. Adobe has also published a patch that users of Form Designer 5.0 or Form Client 5.0 can install.

More: http://www.heise-online.co.uk/security/Adobe-goes-on-patching-spree--/news/110310

Collapse -
Possible vulnerability in TrueCrypt 5.1
by Marianna Schmudlach / March 13, 2008 2:38 AM PDT

A possible vulnerability in TrueCrypt 5.1 that can expose keys on Windows systems has been described in a Russian language blog. This reports that the key remains in memory while the memory image is being written to disk, prior to entering hibernation mode. Attackers could read it there later, and use it to decrypt containers and partitions. But allegedly the keys are only exposed under specific circumstances, for example when using specific drivers for unusual storage controllers and RAID controllers. Windows 2000 systems with a RAID system based on the Intel Matrix Storage chip are said to be at particular risk.

More: http://www.heise-online.co.uk/security/Possible-vulnerability-in-TrueCrypt-5-1--/news/110308

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?