Date: 2009-03-01
Fedora update for rubygem-actionpack
Release Date: 2009-03-02
Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
OS: Fedora 9
Description:
Fedora has issued an update for rubygem-actionpack. This fixes a vulnerability, which can be exploited by malicious people to conduct HTTP header injection attacks.
Certain input passed to the "redirect_to" function is not properly sanitised before being used in the HTTP response. This can be exploited to insert arbitrary HTTP headers, which are included in a response sent to the user, allowing for execution of arbitrary HTML and script code in a user's browser session in context of an affected site.
http://secunia.com/advisories/34097/
Fujitsu Jasmine2000 Enterprise Edition WebLink Three Vulnera
Release Date: 2009-03-02
Critical: Highly critical
Impact: Cross Site Scripting, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Fujitsu Jasmine2000 Enterprise Edition
Description:
Some vulnerabilities have been reported in Fujitsu Jasmine2000 Enterprise Edition, which can be exploited by malicious people to cause a DoS (Denial of Service), conduct cross-site scripting attacks, or compromise a vulnerable system.
http://secunia.com/advisories/34062/
Drupal Protected Node Module Script Insertion Vulnerability
Release Date: 2009-03-02
Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
Software: Drupal Protected Node Module 5.x
Description:
Justin C. Klein Keane has discovered a vulnerability in the Protected Node module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
Input passed via the "protected_node_info" parameter in index.php (when "q" is set to "admin/settings/protected_node") is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious authentication page is viewed.
Successful exploitation of the vulnerability requires the "administer site configuration" privilege.
The vulnerability is confirmed in version 5.x-1.3. Other versions may also be affected.
http://secunia.com/advisories/34060/
Debian update for dkim-milter
Release Date: 2009-03-02
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
OS: Debian GNU/Linux 5.0, Debian GNU/Linux unstable alias sid
Description:
Debian has issued an update for dkim-milter. This fixes a vulnerability, which can be exploited by malicious people to conduct DoS (Denial of Service) attacks.
http://secunia.com/advisories/34053/
Debian update for gnutls
Release Date: 2009-03-02
Critical: Moderately critical
Impact: Security Bypass, Spoofing
Where: From remote
Solution Status: Vendor Patch
OS: Debian GNU/Linux 4.0, Debian GNU/Linux 5.0
Description:
Debian has issued an update for gnutls. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
http://secunia.com/advisories/34041/
eid Middleware "EVP_VerifyFinal()" Spoofing Vulnerability
Release Date: 2009-03-02
Critical: Less critical
Impact: Spoofing
Where: From remote
Solution Status: Unpatched
Software: eid Middleware 2.x
Description:
A vulnerability has been reported in eid Middleware, which potentially can be exploited by malicious people to conduct spoofing attacks.
The vulnerability is caused due to the library incorrectly verifying the return value of the "EVP_VerifyFinal()" OpenSSL function when validating signatures and can be exploited to potentially bypass the certificate validation.
The vulnerability is reported in version 2.6.0. Other versions may also be affected.
http://secunia.com/advisories/34029/
Huawei E960 HSDPA Router SMS Script Insertion Vulnerability
Release Date: 2009-03-02
Critical: Moderately critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched
Software: Huawei E960 HSDPA Router
Description:
Rizki Wicaksono has reported a vulnerability in Huawei E960 HSDPA Router, which can be exploited by malicious people to conduct script insertion attacks.
Input sent via text messages is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious text messages are displayed.
This vulnerability is reported in firmware version 246.11.04.11.110sp04. Other versions may also be affected.
http://secunia.com/advisories/34025/
NovaNET "DtbClsLogin()" Buffer Overflow Vulnerability
Release Date: 2009-03-02
Critical: Moderately critical
Impact: DoS, System access
Where: From local network
Solution Status: Unpatched
Software: NovaNET 12.x
Description:
AbdulAziz Hariri has discovered a vulnerability in NovaNET, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
The vulnerability is caused due to a boundary error within the "DtbClsLogin()" function in nnwindtb.dll (Windows) or libnnlindtb.so (Linux), which can be exploited to cause a stack-based buffer overflow by sending specially crafted requests to the application.
Successful exploitation allows crashing the application on a Windows system and reportedly allows execution of arbitrary code on a Linux system.
The vulnerability is confirmed in NovaNET version 12 (build 44717, Evaluation) for Windows. Other versions may also be affected.
http://secunia.com/advisories/34024/
Hex Workshop Intel Hex Processing Buffer Overflow
Release Date: 2009-03-02
Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Hex Workshop 4.x, Hex Workshop 5.x, Hex Workshop 6.x
Description:
Security^Ghost has discovered a vulnerability in Hex Workshop, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in the processing of Intel Hex files. This can be exploited to cause a stack-based buffer overflow via a specially crafted Intel Hex (".hex") file.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is confirmed in versions 4.23 and 6.0.1.4603. Other versions may also be affected.
http://secunia.com/advisories/34021/
Cambium Group CMS Unspecified SQL Injection Vulnerabilities
Release Date: 2009-03-02
Critical: Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched
Software: Cambium Group CMS
Description:
Some vulnerabilities have been reported in Cambium Group CMS, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to unspecified parameters is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
http://secunia.com/advisories/33987/
Mozilla Firefox IDN Spoofing Security Issue
Release Date: 2009-03-02
Critical: Less critical
Impact: Spoofing
Where: From remote
Solution Status: Unpatched
Software: Mozilla Firefox 3.x
Description:
A security issue has been discovered in Mozilla Firefox, which can be exploited by malicious people to conduct spoofing attacks.
The problem is caused due to the handling of IDN (International Domain Name) support, which can be exploited to spoof a URL via e.g. a ".cn" domain containing certain international characters that resemble other commonly used characters (e.g. "/") in the sub-domain part.
http://secunia.com/advisories/34096/
GNU MPFR "mpfr_snprintf()" and "mpfr_vsnprintf()" Off-By-One Vulnerabilities
Release Date: 2009-03-02
Critical: Less critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: GNU MPFR 2.x
Description:
Some vulnerabilities have been reported in GNU MPFR, which potentially can be exploited by malicious people to compromise an application using the library.
The vulnerabilities are caused due to an off-by-one error within the implementation of the "mpfr_snprintf()" and "mpfr_vsnprintf()" functions, which can be exploited to write a NULL byte after the expected end of the buffer.
The vulnerabilities are reported in versions prior to 2.4.1.
http://secunia.com/advisories/34063/
Microsoft: Many customers running unsupported operating systems
March 2nd, 2009
Posted by Mary Jo Foley
As the Conficker worm continues to burrow into more Windows systems, it's become apparent that not only are many users failing to keep up with their patching, but many others are running older versions of Windows for which patches aren't available.
"During Conficker we realized that a lot of customers are on unsupported OSs," blogged Roger Halbheer, Chief Security Advisor of Microsoft EMEA (Europe Middle East and Africa).
"Unsupported," in this case, means unsupported by Microsoft. Microsoft continues to update and patch operating systems and other products for free for roughly five years from the time a product is first released. Then the product enters the "extended support" via which volume licensees can purchase an "extended hotfix agreement" in order to continue to get full support from Microsoft. Security fixes and patches are an exception that don't require the purchase of an extended support agreement; Microsoft continues to provide those during the extended phase for all users for free.
More: http://blogs.zdnet.com/microsoft/?p=2205&tag=nl.e589
Three Major Attack Papers of 2008
03.02.2009
Here I will focus on some of the major attack papers of 2008. The first is one of the biggest ancient vulnerabilities announced in 2008 - the design flaw in the mechanism in DNS that keeps malicious hosts from associating their IP address with a target domain name. The second paper is from Princeton, and the compressed air and liquid nitrogen are what make it cool. Finally, a paper from my alma mater shows creativity in interdisciplinary security research.
More: http://securitylabs.websense.com/content/Blogs/3313.aspx