Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - March 14, 2008

by Marianna Schmudlach / March 14, 2008 1:31 AM PDT

Red Hat update for kernel

Secunia Advisory: SA29387
Release Date: 2008-03-14


Critical:
Less critical
Impact: DoS
System access

Where: From local network

Solution Status: Vendor Patch


OS: RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 4

Description:
Red Hat has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
http://rhn.redhat.com/errata/RHSA-2008-0167.html

Other References:
SA27666:
http://secunia.com/advisories/27666/

Discussion is locked
You are posting a reply to: VULNERABILITIES \ FIXES - March 14, 2008
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VULNERABILITIES \ FIXES - March 14, 2008
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
ZABBIX "vfs.file.cksum" Denial of Service Vulnerability
by Marianna Schmudlach / March 14, 2008 1:32 AM PDT

Secunia Advisory: SA29383
Release Date: 2008-03-14


Critical:
Less critical
Impact: DoS

Where: From remote

Solution Status: Unpatched


Software: ZABBIX 1.x

Description:
Milen Rangelov has discovered a vulnerability in ZABBIX, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to the improper implementation of the "vfs.file.cksum" command in "zabbix_agentd". This can be exploited to disable the processing of valid requests via multiple "vfs.file.cksum" commands, having e.g. "/dev/urandom" as a parameter, sent to the port on which "zabbix_agentd" is listening (port 10050/TCP by default).

Successful exploitation requires that the malicious requests are sent from an authorized host.

The vulnerability is confirmed in version 1.4.4. Other versions may also be affected.

Solution:
Restrict access to trusted hosts only.

Provided and/or discovered by:
Milen Rangelov

Collapse -
MDaemon IMAP Server "FETCH" Command Buffer Overflow
by Marianna Schmudlach / March 14, 2008 1:34 AM PDT

Secunia Advisory: SA29382
Release Date: 2008-03-14


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Unpatched


Software: MDaemon 9.x

Description:
Matteo Memelli has discovered a vulnerability in MDaemon, which can be exploited by malicious users to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the IMAP server when processing the "FETCH" command. This can be exploited to cause a stack-based buffer overflow via a specially crafted "FETCH" command containing an overly long section specification in a "BODY" data item.

Successful exploitation allows execution of arbitrary code, but requires valid user credentials.

The vulnerability is confirmed in version 9.6.4. Other versions may also be affected.

Solution:
Grant only trusted users access to the affected service.

Provided and/or discovered by:
Matteo Memelli a.k.a. ryujin

Original Advisory:
http://www.be4mind.com/?q=node/256

Collapse -
Invision Power Board Nested BBCodes Script Insertion
by Marianna Schmudlach / March 14, 2008 1:35 AM PDT

Secunia Advisory: SA29378
Release Date: 2008-03-14


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: Invision Power Board 2.x

Description:
A vulnerability has been reported in Invision Power Board, which can be exploited by malicious people to conduct script insertion attacks.

Input passed as nested custom BBCodes is not properly sanitised before being stored. This can be exploited to insert intrinsic events with arbitrary JavaScript code, which is executed in a user's browser session in context of an affected site when the malicious data is viewed.

The vulnerability is reported in version 2.3.4 downloaded before 2008-03-13. Other versions may also be affected.

Solution:
Update to version 2.3.4 downloaded after 2008-03-12.

Apply the vendor's official patch:
http://forums.invisionpower.com/index.php?showtopic=270637

Provided and/or discovered by:
The vendor credits criticalsecurity.net.

Original Advisory:
http://forums.invisionpower.com/index.php?showtopic=270637

Collapse -
CiscoWorks Internetwork Performance Monitor Arbitrary Comman
by Marianna Schmudlach / March 14, 2008 1:36 AM PDT

CiscoWorks Internetwork Performance Monitor Arbitrary Command Execution



Secunia Advisory: SA29376
Release Date: 2008-03-14


Critical:
Moderately critical
Impact: System access

Where: From local network

Solution Status: Vendor Patch


Software: CiscoWorks Internetwork Performance Monitor (IPM) 2.x



Description:
A vulnerability has been reported in CiscoWorks Internetwork Performance Monitor, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to the application binding a command shell to a random port on the affected system. This can be exploited to execute arbitrary commands with "casuser" privileges on Solaris, and with SYSTEM privileges on Windows.

The vulnerability affects version 2.6 on Windows and Solaris.

Solution:
Apply vendor patch.

IPM version 2.6 CSCsj06260:
http://www.cisco.com/pcgi-bin/tablebuild.pl/ipm-sol?psrtdcat20e2

Provided and/or discovered by:
The vendor credits a Cisco customer.

Original Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20080313-ipm.shtml

Collapse -
DB2 Monitoring Console File Upload and Unauthorized Database
by Marianna Schmudlach / March 14, 2008 1:37 AM PDT

Secunia Advisory: SA29367
Release Date: 2008-03-14


Critical:
Moderately critical
Impact: Security Bypass
System access

Where: From remote

Solution Status: Vendor Patch


Software: DB2 Monitoring Console 2.x

Description:
Some vulnerabilities have been reported in DB2 Monitoring Console, which can be exploited by malicious people to bypass certain security restrictions or potentially compromise a vulnerable system.

1) An unspecified error can be exploited to upload files to the web server hosting the application.

2) An unspecified error can be exploited to gain access to the database that a user is currently connected to when the user e.g. is tricked into following a malicious link.

Successful exploitation requires e.g. knowledge of the address of the DB2 MC web server.

The vulnerabilities are reported in versions prior to 2.2.25.

Solution:
Update to version 2.2.25.

Provided and/or discovered by:
The vendor credits Rob Williams.

Original Advisory:
http://sourceforge.net/project/showno...release_id=583793&group_id=211760

Collapse -
Virtual Support Office-XP "Issue_ID" SQL Injection Vulnerabi
by Marianna Schmudlach / March 14, 2008 1:39 AM PDT

Secunia Advisory: SA29365
Release Date: 2008-03-14


Critical:
Less critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: Virtual Support Office-XP 2.x

Description:
Aria-Security Team has reported a vulnerability in Virtual Support Office-XP (VSO-XP), which can be exploited by malicious users to conduct SQL injection attacks.

Input passed to the "Issue_ID" parameter in MyIssuesView.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Aria-Security Team

Original Advisory:
http://forum.aria-security.com/showthread.php?p=21

Collapse -
Nagios Unspecified Cross-Site Scripting Vulnerability
by Marianna Schmudlach / March 14, 2008 1:41 AM PDT

Secunia Advisory: SA29363
Release Date: 2008-03-14


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: Nagios 2.x

Description:
A vulnerability has been reported in Nagios, which can be exploited by malicious people to conduct cross-site scripting attacks.

Unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in versions prior to 2.11.

Solution:
Update to version 2.11.
http://www.nagios.org/download/

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.nagios.org/development/changelog.php#2x_branch

Collapse -
Gentoo update for live
by Marianna Schmudlach / March 14, 2008 1:42 AM PDT

Secunia Advisory: SA29356
Release Date: 2008-03-14


Critical:
Moderately critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for live. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Update to "media-plugins/live-2008.02.08" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200803-22.xml

Other References:
SA27711:
http://secunia.com/advisories/27711/

Collapse -
Mandriva update for gcc
by Marianna Schmudlach / March 14, 2008 1:44 AM PDT

Secunia Advisory: SA29334
Release Date: 2008-03-14


Critical:
Less critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Mandriva Linux 2007.0

Description:
Mandriva has issued an update for gcc. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.


Solution:
Apply updated packages.

Original Advisory:
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:066

Other References:
SA21100:
http://secunia.com/advisories/21100/

Collapse -
SUSE update for evolution
by Marianna Schmudlach / March 14, 2008 1:52 AM PDT

Secunia Advisory: SA29317
Release Date: 2008-03-14


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: openSUSE 10.2
openSUSE 10.3
SUSE Linux 10.1

Description:
SUSE has issued an update for evolution. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00003.html

Other References:
SA29057:
http://secunia.com/advisories/29057/

Collapse -
Microsoft Security Bulletin Re-Release
by Marianna Schmudlach / March 14, 2008 2:34 AM PDT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Re-Release
Issued: March 13, 2008
********************************************************************

Summary
=======
The following bulletin has undergone a major revision increment.
Please see the bulletin for more detail.

* MS08-014 - Critical

Bulletin Information:
=====================

* MS08-014 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms08-014.mspx
- Reason for Revision: FAQ added about known issues relating to
users of Excel 2003 Service Pack 2 or Service Pack 3
- Originally posted: March 11, 2008
- Updated: March 13, 2008
- Bulletin Severity Rating: Critical
- Version: 2.0

Collapse -
Compromised Websites Redirect Users to Malicious Websites
by Marianna Schmudlach / March 14, 2008 8:09 AM PDT

updated March 14, 2008 at 12:56 pm

US-CERT has seen reports of an attack that has compromised a large number of legitimate websites. The reports indicate that attackers are modifying the sites and embedding JavaScript code. Users who visit one of these infected websites may be unknowingly redirected to a malicious website. These malicious websites may then attempt to exploit known vulnerabilities for which patches are available but have not yet been applied to the victim's system.

This issue is currently exploiting a variety of vulnerabilities:


Baofeng Storm ActiveX
Ourgame GLChat ActiveX
Microsoft Internet Explorer VML (VU#122084)

Qvod Player ActiveX
Microsoft RDS.Dataspace ActiveX (VU#234812)

RealPlayer playlist ActiveX (VU#871673)

Storm Player ActiveX
Microsoft Windows WebViewFolderIcon ActiveX (VU#753044)

Xunlei Thunder DapPlayer ActiveX
US-CERT encourages users to do the following to help mitigate the risks of this and similar attacks:

Regularly apply software updates and patches provided by vendors.
Disable JavaScript and ActiveX as described in the Securing Your Web Browser document.
US-CERT will provide more information as it becomes available.


http://www.us-cert.gov/current/current_activity.html#website_compromises_facilitating_exploitation_of

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?