VULNERABILITIES \ FIXES - March 16, 2009

by Marianna Schmudlach / March 16, 2009 3:00 AM PDT

Gentoo update for libpng

Release Date: 2009-03-16

Critical:
Moderately critical
Impact: DoS
System access
Where: From remote
Solution Status: Vendor Patch

OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for libpng. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library.

http://secunia.com/advisories/34320/

eLynx Lab PNG Plugin Uninitialised Pointer Arrays Vulnerabil
by Marianna Schmudlach / March 16, 2009 3:01 AM PDT

Release Date: 2009-03-16

Critical:
Moderately critical
Impact: DoS
System access
Where: From remote
Solution Status: Vendor Workaround

Software: eLynx Lab 1.x

Description:
A vulnerability has been reported in eLynx Lab, which can potentially be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to the png plugin using vulnerable libpng code.

http://secunia.com/advisories/34319/

Debian update for libsndfile
by Marianna Schmudlach / March 16, 2009 3:02 AM PDT

Release Date: 2009-03-16

Critical:
Highly critical
Impact: DoS
System access
Where: From remote
Solution Status: Vendor Patch

OS: Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for libsndfile. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.


http://secunia.com/advisories/34316/

GOM Encoder Subtitle Processing Buffer Overflow Vulnerabilit
by Marianna Schmudlach / March 16, 2009 3:03 AM PDT

Release Date: 2009-03-16

Critical:
Moderately critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: GOM Encoder 1.x


Description:
A vulnerability has been discovered in GOM Encoder, which can potentially be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when processing *.SRT subtitle files. This can be exploited to cause a buffer overflow by e.g. tricking a user into previewing or encoding a media file with a specially crafted subtitle file.

The vulnerability is confirmed in version 1.0.0.11. Other versions may also be affected.

http://secunia.com/advisories/34314/

Fedora update for pdfjam
by Marianna Schmudlach / March 16, 2009 3:04 AM PDT

Release Date: 2009-03-16

Critical:
Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch

OS: Fedora 10
Fedora 9

Description:
Fedora has issued an update for pdfjam. This fixes some security issues, which can be exploited by malicious, local users to perform certain actions with escalated privileges.


http://secunia.com/advisories/34312/

Fedora update for mod_security
by Marianna Schmudlach / March 16, 2009 3:05 AM PDT

Release Date: 2009-03-16

Critical:
Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch

OS: Fedora 10
Fedora 9

Description:
Fedora has issued an update for mod_security. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).


http://secunia.com/advisories/34311/

Debian update for mldonkey
by Marianna Schmudlach / March 16, 2009 3:06 AM PDT

Release Date: 2009-03-16

Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch

OS: Debian GNU/Linux 5.0
Debian GNU/Linux unstable alias sid

http://secunia.com/advisories/34306/

Debian update for psi
by Marianna Schmudlach / March 16, 2009 3:07 AM PDT

Release Date: 2009-03-16

Critical:
Less critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch

OS: Debian GNU/Linux 5.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for psi. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).


http://secunia.com/advisories/34301/

Cryptographp "cfg" Local File Inclusion Vulnerability
by Marianna Schmudlach / March 16, 2009 3:08 AM PDT

Release Date: 2009-03-16

Critical:
Less critical
Impact: Exposure of system information
Exposure of sensitive information
System access
Where: From remote
Solution Status: Unpatched

Software: Cryptographp 1.x

Description:
A vulnerability has been discovered in Cryptographp, which can potentially be exploited by malicious people to disclose sensitive information or compromise a vulnerable system.

Input passed to the "cfg" parameter in cryptographp.inc.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from the local directory.

Successful exploitation may allow execution of arbitrary PHP code, but requires e.g. that an application using Cryptographp stores text files with user controlled content in the same directory as cryptographp.inc.php.

The vulnerability is confirmed in version 1.4. Other versions may also be affected.

http://secunia.com/advisories/34299/

YAP "page" File Inclusion Vulnerability
by Marianna Schmudlach / March 16, 2009 3:09 AM PDT

Release Date: 2009-03-16

Critical:
Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: YAP 1.x

Description:
A vulnerability has been discovered in YAP, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "page" parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local and remote resources.

The vulnerability is confirmed in version 1.1.1. Other versions may also be affected.

http://secunia.com/advisories/34295/

Sun Solaris "keysock" Kernel Module Local Denial of Service
by Marianna Schmudlach / March 16, 2009 3:11 AM PDT

Release Date: 2009-03-16

Critical:
Not critical
Impact: DoS
Where: Local system
Solution Status: Vendor Patch

OS: Sun Solaris 10

Description:
A vulnerability has been reported in Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error within the "keysock" kernel module, which can be exploited to cause a system panic.

Successful exploitation requires privileges to create PF_KEY sockets.

http://secunia.com/advisories/34277/

SUSE update for MozillaFirefox
by Marianna Schmudlach / March 16, 2009 3:12 AM PDT

Release Date: 2009-03-16

Critical:
Highly critical
Impact: Security Bypass
Spoofing
Exposure of sensitive information
System access
Where: From remote
Solution Status: Vendor Patch

OS: openSUSE 11.0
openSUSE 11.1

Description:
SUSE has issued an update for MozillaFirefox. This fixes some vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, disclose sensitive information, or compromise a user's system.


http://secunia.com/advisories/34272/

Debian update for yaws
by Marianna Schmudlach / March 16, 2009 3:13 AM PDT

Release Date: 2009-03-16

Critical:
Less critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch

OS: Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for yaws. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

http://secunia.com/advisories/34239/

Glib and Glib-Predecessor Heap Overflows (Base64)
by Marianna Schmudlach / March 16, 2009 3:15 AM PDT

16 Mar. 2009

Summary
Base64 encoding and decoding functions in glib suffer from vulnerabilities during memory allocation which may result in arbitrary code execution when processing large strings. A number of other GNOME-related applications which predate glib are vulnerable due to the commonality of this flawed code.

Credit:
The information has been provided by Diego Pettenò.
The original article can be found at: http://www.ocert.org/advisories/ocert-2008-015.html

http://www.securiteam.com/unixfocus/5NP0C1PQKO.html

IBM Tivoli Storage Manager Express Heap Buffer Overflow Vuln
by Marianna Schmudlach / March 16, 2009 3:16 AM PDT

16 Mar. 2009

Summary
IBM Corp.'s Tivoli Storage Manager Express is "a simple backup management software targeting small business customer". Remote exploitation of a heap buffer overflow vulnerability in IBM Corp.'s Tivoli Storage Manager Express backup server could allow an unauthenticated attacker to execute arbitrary code with SYSTEM privileges.

Credit:
The information has been provided by iDefense Labs Security Advisories.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities

http://www.securiteam.com/windowsntfocus/5MP0B1PQKK.html

iTunes 8.1 update eliminates vulnerabilities
by Marianna Schmudlach / March 16, 2009 3:23 AM PDT

Apple's iTunes update 8.1 contains two bug fixes relevant to security. Attackers can remotely exploit vulnerabilities in previous versions to partially paralyse the music program or make it expose user data.

The first problem only affects the Windows version. While processing manipulated messages using the proprietary iTunes protocol DAAP (Digital Audio Access Protocol) to share media across a local network, the program may go into an endless loop resulting in a denial of service.

The second bug, in both the Windows and the Mac OS X version, can occur when internet radio broadcasts or podcasts are accessed. Apple says that if a manipulated podcast server is contacted, a successful attack will cause an authentication dialogue to be displayed, asking for an iTunes user name and password to be entered. Any information given in response though, will be accessed by the attacker, enabling them to make guesses about the victim's other passwords. iTunes 8.1 has been modified to correctly identify the source of the prompt message.

More: http://www.h-online.com/security/iTunes-8-1-update-eliminates-vulnerabilities--/news/112851

MLDonkey 3.0 closes security hole
by Marianna Schmudlach / March 16, 2009 3:24 AM PDT

16 March 2009

The MLDonkey file sharing program has a security hole which allows access to arbitrary files on a system. The P2P program's web based management interface, which typically runs on TCP port 4080, does not properly filter requests. This means you can insert a double slash into a query like so

http://mlhost:4080//etc/passwd

and the server will return the contents of /etc/passwd. The bug is fixed in version 3.0 and affected Linux distributions are already issuing updated packages.

More: http://www.h-online.com/security/MLDonkey-3-0-closes-security-hole--/news/112859

Worth Reading: Optimised to fail - Card Readers for online b
by Marianna Schmudlach / March 16, 2009 3:26 AM PDT

Worth Reading: Optimised to fail - Card Readers for online banking

16 March 2009

by Dj Walker-Morgan

Prompted by the UK banks' distribution to their customers of hand-held 'card readers' (actually key generators) for one-time-key authentication of credit card online purchases, three security researchers have published a paper on vulnerabilities in CAP, the underlying protocol used by these devices. Saar Drimer, Steven J. Murdoch, and Ross Anderson recently published their findings in Optimised to Fail: Card Readers for Online Banking (PDF). The team reverse engineered the CAP (Chip Authentication Program) protocol and found it was susceptible to replay and man-in-the-middle attacks. The paper was presented at Financial Cryptography 09.

More: http://www.h-online.com/security/Worth-Reading-Optimised-to-fail-Card-Readers-for-online-banking--/features/112860

Tim Berners-Lee admits to falling for online scam
by Marianna Schmudlach / March 16, 2009 3:30 AM PDT

Web founder conned out of money by bogus shopping web site

Phil Muncaster

vnunet.com, 16 Mar 2009

Tim Berners-Lee, the founder of the world wide web, revealed today that he has been a victim of online fraud.

Berners-Lee, who is widely credited with inventing the web when working at the European Organisation for Nuclear Research (Cern) in the 1980s and early 1990s, told The Daily Telegraph that a site he visited to buy a Christmas present turned out to be a fake.

"The worst thing that has happened to me was when I tried to buy a Christmas present from a company that looked like a bona fide company on the internet and then actually they were a completely fake company," he told the newspaper.

More: http://www.vnunet.com/vnunet/news/2238573/berners-lee-defrauded-online

Futomi's CGI Cafe Analysis of High-Performance Access Cross-
by Marianna Schmudlach / March 16, 2009 3:39 AM PDT

Futomi's CGI Cafe Analysis of High-Performance Access Cross-Site Scripting

Release Date: 2009-03-16

Critical:
Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched

Software: Futomi's CGI Cafe Analysis of High-Performance Access Standard 3.x

Description:
A vulnerability has been reported in Analysis of high-performance access CGI Standard, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via unspecified parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in version 3.8.1. Other versions may also be affected.

http://secunia.com/advisories/34271/

Google inspires behavioral ad-zapping Firefox add-on
by Marianna Schmudlach / March 16, 2009 7:01 AM PDT

Cookie-filled TACO

By Cade Metz in San Francisco

16th March 2009

Last week, when Google rolled out its new interest-based advertising behavioral ad targeting operation, it enveloped the world's web surfers in the sort of cookie conundrum we've come to expect from these privacy-hedging ad schemes.

Across YouTube and countless third party sites in its AdSense advertising network, Google is now targeting ads according to your personal browsing history. Yes, you can opt-out. But it's a cookie-based opt-out. You'll have to set cookies on every machine and every browser you use. And if you're someone who regularly flushes your cookies for privacy reasons, you'll soon opt yourself back in.

To its credit, Google also offers IE and Firefox plug-ins that maintain your opt-out even when cookies are cleared. But what about all those other behavioral ad schemes serving up an identical cookie conundrum? There's still Microsoft, Yahoo!, AOL, ValueClick, Akamai, Nielsen - and the list goes on. And on.


More: http://www.theregister.co.uk/2009/03/16/taco_add/

One-year-old (unpatched) Windows 'token kidnapping' under at
by Marianna Schmudlach / March 16, 2009 7:03 AM PDT

One-year-old (unpatched) Windows 'token kidnapping' under attack

Posted by Ryan Naraine

March 16th, 2009

Exactly one year after a security researcher notified Microsoft of a serious security vulnerability affecting all supported versions of Windows (including Vista and Windows Server 2008), the issue remains unpatched and now comes word that there are in-the-wild exploits circulating.

The vulnerability, called token kidnapping (.pdf), was originally discussed last March by researcher Cesar Cerrudo and led to Microsoft issuing an advisory with workarounds. Five months later (October 2008), Cerrudo released a proof-of-concept in an apparent effort to nudge Microsoft into patching but the company has not yet released a fix.

More: http://blogs.zdnet.com/security/?p=2894

Microsoft patch leaves users vulnerable, says nCircle resear
by Marianna Schmudlach / March 16, 2009 7:07 AM PDT

Functionality wins over security, argues researcher; Microsoft defends approach

By Gregg Keizer

March 16, 2009 (Computerworld) One of the patches Microsoft Corp. issued last week is nothing of the sort, according to a researcher who today accused Microsoft of making functionality a higher priority than security.

According to Tyler Reguly, a senior security engineer at nCircle Network Security Inc., last Tuesday's MS09-008 update does not fix the problem for all users, many of whom may not realize that they're still vulnerable to attack. "When you get a patch from a vendor, you expect it to provide some level of security," said Reguly. "But MS09-008 only mitigates the problem, it doesn't patch it."

More: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9129722&source=rss_topic17
