Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - March 3, 2009

by Marianna Schmudlach / March 3, 2009 12:20 AM PST

rPath update for php5

Release Date: 2009-03-03

Critical:
Moderately critical
Impact: Unknown
Security Bypass
DoS
System access
Where: From remote
Solution Status: Vendor Patch

OS: rPath Linux 1.x

Description:
rPath has issued an update for php5. This fixes some vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system, and by malicious, local users to bypass certain security restrictions.

http://secunia.com/advisories/34139/

cURL/libcURL "Location:" Redirect URLs Security Bypass
by Marianna Schmudlach / March 3, 2009 12:21 AM PST

Release Date: 2009-03-03

Critical:
Less critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch

Software: cURL 7.x

Description:
A security issue has been reported in cURL/libcURL, which can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused due to cURL following HTTP "Location:" redirects to e.g. "scp://" or "file://" URLs, which can be exploited by a malicious HTTP server to overwrite or disclose the content of arbitrary local files and potentially execute arbitrary commands via specially crafted redirect URLs.

Successful exploitation requires that automatic redirection following is enabled.

The security issue is reported in versions 5.11 through 7.19.3.

http://secunia.com/advisories/34138/
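
The redirect check described in the cURL advisory above, as an added example that is not code from the advisory or from the cURL project: each "Location:" target is resolved and its scheme checked against an allow-list before the client follows it. The host names, the `fetch` callback and the sample responses are constructed for illustration; libcurl offers the same control through `CURLOPT_REDIR_PROTOCOLS`.

```python
from urllib.parse import urljoin, urlsplit

# Only these schemes may be reached through a redirect.
ALLOWED_REDIRECT_SCHEMES = frozenset({"http", "https"})
REDIRECT_STATUSES = frozenset({301, 302, 303, 307, 308})


class RedirectRefused(Exception):
    """Raised when a redirect violates the client's policy."""


def check_redirect(current_url, location, allowed=ALLOWED_REDIRECT_SCHEMES):
    """Resolve a Location value against the current URL and enforce the allow-list."""
    target = urljoin(current_url, location.strip())
    scheme = urlsplit(target).scheme.lower()
    if scheme not in allowed:
        raise RedirectRefused(f"refusing redirect to {scheme!r} URL: {target}")
    return target


def follow(start_url, fetch, max_hops=5):
    """Follow redirects with fetch(url) -> (status, headers), validating every hop."""
    url = start_url
    for _ in range(max_hops + 1):
        status, headers = fetch(url)
        location = headers.get("Location")
        if status not in REDIRECT_STATUSES or location is None:
            return url, status
        url = check_redirect(url, location)
    raise RedirectRefused(f"more than {max_hops} redirects from {start_url}")


# Constructed responses standing in for HTTP servers (hypothetical hosts).
SAMPLE_RESPONSES = {
    "http://files.example.test/download": (302, {"Location": "/mirror/pkg.tar.gz"}),
    "http://files.example.test/mirror/pkg.tar.gz":
        (301, {"Location": "https://cdn.example.test/pkg.tar.gz"}),
    "https://cdn.example.test/pkg.tar.gz": (200, {}),
    "http://hostile.example.test/a": (302, {"Location": "file:///etc/passwd"}),
    "http://hostile.example.test/b":
        (302, {"Location": "scp://user@internal.example.test/tmp/x"}),
    "http://loop.example.test/": (302, {"Location": "/"}),
}


def sample_fetch(url):
    """Return the constructed (status, headers) pair for a URL."""
    return SAMPLE_RESPONSES[url]


if __name__ == "__main__":
    for start in SAMPLE_RESPONSES:
        try:
            print(start, "->", follow(start, sample_fetch))
        except RedirectRefused as exc:
            print(start, "-> blocked:", exc)
```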

Debian update for gst-plugins-bad0.10
by Marianna Schmudlach / March 3, 2009 12:22 AM PST

Release Date: 2009-03-03

Critical:
Highly critical
Impact: DoS
System access
Where: From remote
Solution Status: Vendor Patch

OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update to gst-plugins-bad0.10. This fixes some vulnerabilities, which can potentially be exploited by malicious people to compromise a vulnerable system.

http://secunia.com/advisories/34136/

Opera Multiple Vulnerabilities
by Marianna Schmudlach / March 3, 2009 12:24 AM PST

Release Date: 2009-03-03

Critical:
Highly critical
Impact: Unknown
Cross Site Scripting
System access
Where: From remote
Solution Status: Vendor Patch

Software: Opera 9.x

Description:
Some vulnerabilities have been reported in Opera, where one has an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.

http://secunia.com/advisories/34135/

Opera closes vulnerabilities
by Marianna Schmudlach / March 3, 2009 12:49 AM PST

3 March 2009

The Opera browser has been updated to version 9.64 which includes several security and stability fixes. The update addresses an extremely severe vulnerability in which a specially crafted JPEG image can cause Opera to corrupt memory and execute arbitrary code.

The release incorporates the Opera Presto 2.1.1 user agent engine. Support has been added for Data Execution Prevention (DEP) for both Windows XP SP2 (and higher) and Windows Server 2003 SP1. An issue where plug-ins could be used to allow cross domain scripting has been fixed. The change log lists a fix to a "moderately severe issue" which will be detailed at a later date.

More: http://www.h-online.com/security/Opera-closes-vulnerabilities--/news/112761

Debian update for ndiswrapper
by Marianna Schmudlach / March 3, 2009 12:25 AM PST

Release Date: 2009-03-03

Critical:
Moderately critical
Impact: DoS
System access
Where: From remote
Solution Status: Vendor Patch

OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for ndiswrapper. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the ndiswrapper kernel driver when processing wireless network packets. This can be exploited to cause a buffer overflow via an overly long ESSID (Extended Service Set Identifier).

http://secunia.com/advisories/34134/

BlogMan Multiple Vulnerabilities
by Marianna Schmudlach / March 3, 2009 12:26 AM PST

Release Date: 2009-03-03

Critical:
Moderately critical
Impact: Security Bypass
Manipulation of data
Where: From remote
Solution Status: Unpatched

Software: BlogMan 0.x

Description:
Salvatore "drosophila" Fresta has discovered some vulnerabilities in BlogMan, which can be exploited by malicious people to conduct SQL injection attacks or bypass certain security restrictions.

http://secunia.com/advisories/34132/

Document Library "save_user.asp" Security Bypass Vulnerabili
by Marianna Schmudlach / March 3, 2009 12:27 AM PST

Release Date: 2009-03-03

Critical:
Moderately critical
Impact: Security Bypass
Exposure of sensitive information
Where: From remote
Solution Status: Unpatched

Software: Document Library 1.x

Description:
ByALBAYX has reported a vulnerability in Document Library, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information.

The application does not restrict access to the admin/save_user.asp script. This can be exploited to disclose or modify the administrator username and password.

The vulnerability is reported in version 1.0.1. Other versions may also be affected.

http://secunia.com/advisories/34129/

Digital Interchange Calendar Registration Options Security B
by Marianna Schmudlach / March 3, 2009 12:28 AM PST

Digital Interchange Calendar Registration Options Security Bypass

Release Date: 2009-03-03
Popularity: 57 views

Critical:
Less critical
Impact: Security Bypass
Where: From remote
Solution Status: Unpatched

Software: Digital Interchange Calendar 5.x

Description:
ByALBAYX has reported a security issue in Digital Interchange Calendar, which can be exploited by malicious people to bypass certain security restrictions.

The application does not restrict access to the admin/registration_options.asp, admin/add_registration_option.asp, and admin/set_registration_option_status.asp scripts. This can be exploited to add or modify registration options by directly accessing the affected scripts.

The security issue is reported in version 5.7.13. Other versions may also be affected.

http://secunia.com/advisories/34128/

Graugon PHP Article Publisher Authentication Bypass and SQL
by Marianna Schmudlach / March 3, 2009 12:29 AM PST

Release Date: 2009-03-03

Critical:
Moderately critical
Impact: Security Bypass
Manipulation of data
Where: From remote
Solution Status: Unpatched

Software: Graugon PHP Article Publisher


Description:
x0r has discovered some vulnerabilities in Graugon PHP Article Publisher, which can be exploited by malicious people to bypass certain security restrictions and conduct SQL injection attacks.

http://secunia.com/advisories/34126/

eXtplorer "lang" Local File Inclusion Vulnerability
by Marianna Schmudlach / March 3, 2009 12:30 AM PST

Release Date: 2009-03-03

Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch

Software: eXtplorer 2.x

Description:
Juan Galiana Lara has discovered a vulnerability in eXtplorer, which can be exploited by malicious people to disclose sensitive information.

Input passed via the "lang" parameter in index.php to include/init.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes.

The vulnerability is confirmed in version 2.0.0. Other versions may also be affected.

http://secunia.com/advisories/34124/

Media Commands Playlist Processing Buffer Overflow Vulnerabi
by Marianna Schmudlach / March 3, 2009 12:31 AM PST

Release Date: 2009-03-03

Critical:
Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: Media Commands 1.x

Description:
Hakxer has discovered a vulnerability in Media Commands, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the processing of playlist files (e.g. ".m3u", ".m3l", ".lrc"). This can be exploited to cause a stack-based buffer overflow via a playlist having an overly long entry.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 1.0. Other versions may also be affected.

http://secunia.com/advisories/34122/

e107 Multiple Script Insertion Vulnerabilities
by Marianna Schmudlach / March 3, 2009 12:32 AM PST

Release Date: 2009-03-03

Critical:
Moderately critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched

Software: e107 0.x

Description:
Some vulnerabilities have been discovered in e107, which can be exploited by malicious people to conduct script insertion attacks.

Input passed to the "author_name", "itemtitle", and "e107_submitnews_item" parameters in submitnews.php is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's session in the context of an affected site when the malicious news post is viewed.

The vulnerabilities are confirmed in version 0.7.14. Other versions may also be affected.

http://secunia.com/advisories/34109/

Plunet BusinessManager Security Bypass and Script Insertion
by Marianna Schmudlach / March 3, 2009 12:33 AM PST

Release Date: 2009-03-03

Critical:
Moderately critical
Impact: Cross Site Scripting
Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch

Software: Plunet BusinessManager 4.x

Description:
Matteo Ignaccolo and Gabriele Zanoni have reported some vulnerabilities in Plunet BusinessManager, which can be exploited by malicious users to bypass certain security restrictions and conduct script insertion attacks.

http://secunia.com/advisories/34100/

ASPThai.Net Webboard "id" SQL Injection Vulnerability
by Marianna Schmudlach / March 3, 2009 12:34 AM PST

Release Date: 2009-03-03

Critical:
Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched

Software: ASPThai.Net Webboard 6.x

Description:
A vulnerability has been reported in ASPThai.Net Webboard, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in bview.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 6.0. Other versions may also be affected.

http://secunia.com/advisories/34099/

WikyBlog Multiple File Extensions File Upload Vulnerability
by Marianna Schmudlach / March 3, 2009 12:35 AM PST

Release Date: 2009-03-03

Critical:
Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software: WikyBlog 1.x

Description:
A vulnerability has been discovered in WikyBlog, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error in the handling of file uploads where a filename has multiple file extensions. This can be exploited to upload and execute arbitrary PHP code on the server.

Successful exploitation of this vulnerability requires a certain server configuration (e.g. an Apache server with the "mod_mime" module installed).

The vulnerability is confirmed in version 1.7.1. Other versions may also be affected.

http://secunia.com/advisories/34095/
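
An upload-name check for the multiple-extension problem described in the WikyBlog advisory above, as an added example that is not WikyBlog's code or its patch. It inspects every dot-separated component of the name, because Apache's mod_mime can act on any of them and not only the last, and it stores the file under a server-generated name; the allow-list and function names are assumptions.

```python
import os
import secrets

# Assumed allow-list for this example; a real deployment chooses its own.
ALLOWED_EXTENSIONS = frozenset({"png", "jpg", "jpeg", "gif", "txt", "pdf"})


class UploadRejected(ValueError):
    """Raised when an uploaded file name fails validation."""


def extensions(filename):
    """Return every dot-separated component after the first, lower-cased."""
    base = os.path.basename(filename.replace("\\", "/"))
    return [part.lower() for part in base.split(".")[1:]]


def validate_upload_name(filename, allowed=ALLOWED_EXTENSIONS):
    """Accept a name only if ALL of its extensions are on the allow-list.

    Deliberately strict: "shell.php.jpg" is rejected because of "php",
    and so are "photo.jpg." (empty trailing extension) and ".htaccess".
    """
    if "\x00" in filename:
        raise UploadRejected("NUL byte in file name")
    exts = extensions(filename)
    if not exts:
        raise UploadRejected("file name has no extension")
    bad = [e for e in exts if e not in allowed]
    if bad:
        raise UploadRejected(f"disallowed extension component(s): {bad}")
    return exts[-1]


def storage_name(filename):
    """Build the on-disk name: random stem plus the single validated extension."""
    ext = validate_upload_name(filename)
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    # Constructed sample names.
    for name in ("photo.JPG", "shell.php.jpg", "notes.txt", ".htaccess", "photo.jpg."):
        try:
            print(f"{name!r} -> stored as {storage_name(name)}")
        except UploadRejected as exc:
            print(f"{name!r} -> rejected: {exc}")
```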

Fedora update for mediawiki
by Marianna Schmudlach / March 3, 2009 12:36 AM PST

Release Date: 2009-03-03

Critical:
Not critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch

OS: Fedora 9

Description:
Fedora has issued an update for mediawiki. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks.

http://secunia.com/advisories/34094/

Linux Kernel 32bit/64bit System Call Security Bypass Weaknes
by Marianna Schmudlach / March 3, 2009 12:37 AM PST

Release Date: 2009-03-03

Critical:
Not critical
Impact: Security Bypass
Where: Local system
Solution Status: Vendor Workaround

OS: Linux Kernel 2.6.x

Description:
Two weaknesses have been reported in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions.

1) An implementation error within the "PR_SET_SECCOMP" feature can be exploited to invoke certain restricted system calls by e.g. switching a 32bit process to 64bit mode and using the "syscall" instruction or using the interrupt 80h in a 64bit process.

2) An implementation error within the "audit_syscall_entry()" function can be exploited to bypass the auditing by e.g. switching a 32bit process to 64bit mode and using the "syscall" instruction or using the interrupt 80h in a 64bit process.

http://secunia.com/advisories/34084/

Debian update for squid3
by Marianna Schmudlach / March 3, 2009 12:38 AM PST

Release Date: 2009-03-03

Critical:
Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch

OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for squid3. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).


http://secunia.com/advisories/34078/

EEB-CMS "content" Cross-Site Scripting Vulnerability
by Marianna Schmudlach / March 3, 2009 12:39 AM PST

Release Date: 2009-03-03

Critical:
Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched

Software: EEB-CMS 0.x

Description:
A vulnerability has been reported in EEB-CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "content" parameter in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

The vulnerability is reported in version 0.95. Other versions may also be affected.

http://secunia.com/advisories/34073/

APC PowerChute Business Edition Multiple Vulnerabilities
by Marianna Schmudlach / March 3, 2009 12:40 AM PST

Release Date: 2009-03-03

Critical:
Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched

Software: APC PowerChute Business Edition 6.x
APC PowerChute Business Edition 7.x
APC PowerChute Business Edition 8.x

Description:
Some vulnerabilities have been reported in APC PowerChute Business Edition, which can be exploited by malicious people to conduct cross-site scripting, cross-site request forgery, and HTTP response splitting attacks.

http://secunia.com/advisories/34066/

Blue Coat ProxySG HTTP "Host:" Header Security Bypass
by Marianna Schmudlach / March 3, 2009 12:41 AM PST

Release Date: 2009-03-03

Critical:
Less critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Workaround

OS: Blue Coat Security Gateway OS (SGOS) 3.x
Blue Coat Security Gateway OS (SGOS) 4.x
Blue Coat Security Gateway OS (SGOS) 5.x

Description:
A security issue has been reported in ProxySG, which can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused due to ProxySG relying on HTTP "Host:" headers when acting as transparent proxy. This can be exploited to e.g. access restricted websites or bypass a browser's security context protection mechanism by sending HTTP requests with a forged HTTP "Host:" header.

Successful exploitation requires that the attacker can forge the HTTP "Host:" header (e.g. via active content).

http://secunia.com/advisories/34064/

Debian update for vim
by Marianna Schmudlach / March 3, 2009 12:42 AM PST

Release Date: 2009-03-03

Critical:
Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for vim. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious people to compromise a user's system.

http://secunia.com/advisories/34055/

Winamp libsndfile.dll CAF Processing Integer Overflow Vulner
by Marianna Schmudlach / March 3, 2009 12:43 AM PST

Winamp libsndfile.dll CAF Processing Integer Overflow Vulnerability

Release Date: 2009-03-03

Critical:
Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: Winamp 5.x

Description:
Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to the use of vulnerable libsndfile code.

http://secunia.com/advisories/33981/

libsndfile CAF Processing Integer Overflow Vulnerability
by Marianna Schmudlach / March 3, 2009 12:44 AM PST

Release Date: 2009-03-03

Critical:
Highly critical
Impact: DoS
System access
Where: From remote
Solution Status: Vendor Patch

Software: libsndfile 1.x

Description:
Secunia Research has discovered a vulnerability in libsndfile, which can be exploited by malicious people to compromise an application using the library.

The vulnerability is caused due to an integer overflow error in the processing of CAF description chunks. This can be exploited to cause a heap-based buffer overflow by tricking the user into processing a specially crafted CAF audio file.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 1.0.18. Prior versions may also be affected.

http://secunia.com/advisories/33980/

GMail Service CSRF Vulnerability
by Marianna Schmudlach / March 3, 2009 12:45 AM PST

3 Mar. 2009

Summary
Gmail is Google's "free webmail service. It comes with built-in Google search technology and over 2,600 megabytes of storage (and growing every day). You can keep all your important messages, files and pictures forever, use search to quickly and easily find anything you're looking for, and make sense of it all with a new way of viewing messages as part of conversations".

Cross-Site Request Forgery, also known as one click attack or session riding and abbreviated as CSRF (Sea-Surf) or XSRF, is a kind of malicious exploit of websites. Although this type of attack has similarities to cross-site scripting (XSS), cross-site scripting requires the attacker to inject unauthorized code into a website, while cross-site request forgery merely transmits unauthorized commands from a user the website trusts.

GMail is vulnerable to CSRF attacks in the "Change Password" functionality. The only token for authenticating the user is a session cookie, and this cookie is sent automatically by the browser in every request.

An attacker can create a page that includes requests to the "Change password" functionality of GMail and modify the passwords of the users who, being authenticated, visit the page of the attacker.

The attack is facilitated since the "Change Password" request can be realized across the HTTP GET method instead of the POST method that is realized habitually across the "Change Password" form.

Credit:
The information has been provided by Vicente Aguilera Diaz.

http://www.securiteam.com/securitynews/5ZP010UQKK.html

Nokia releases cuter Qt
by Marianna Schmudlach / March 3, 2009 4:40 AM PST

Open-source, web, Mac bases covered

By Gavin Clarke in San Francisco

3rd March 2009

Nokia has released the first major update to Qt since it acquired Trolltech a year ago, with licensing and features to increase the application and UI framework's appeal.

Qt 4.5 is now available under the Lesser General Public License (GPL) for the first time, in addition to the GPL and two commercial licenses sported by older editions of Qt.

The idea is to make Qt open to individuals and organizations interested in building with open-source but who'd feel uncomfortable working with the GPL license.

More: http://www.theregister.co.uk/2009/03/03/nokia_qt_major_update/
