
VULNERABILITIES \ FIXES - March 30, 2009

by Marianna Schmudlach / March 30, 2009 12:18 AM PDT

Fedora update for firefox and xulrunner

Release Date: 2009-03-30

Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch

OS: Fedora 10
Fedora 9
Description:
Fedora has issued an update for firefox and xulrunner. This fixes a weakness and a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system.

http://secunia.com/advisories/34521/

glFusion "order" and "direction" SQL Injection Vulnerabilities
by Marianna Schmudlach / March 30, 2009 12:19 AM PDT

Release Date: 2009-03-30

Critical: Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Vendor Patch

Software: glFusion 1.x

Description:
Some vulnerabilities have been reported in glFusion, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "order" and "direction" parameters to private/system/classes/listfactory.class.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities are reported in version 1.1.2 and prior.

http://secunia.com/advisories/34519/

My Simple Forum Multiple Vulnerabilities
by Marianna Schmudlach / March 30, 2009 12:20 AM PDT

Release Date: 2009-03-30

Critical: Moderately critical
Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched

Software: My Simple Forum 7.x

Description:
Some vulnerabilities have been discovered in My Simple Forum, which can be exploited by malicious people to disclose sensitive information or conduct cross-site scripting attacks.

http://secunia.com/advisories/34515/

Abee Chm Maker Project File Processing Buffer Overflow
by Marianna Schmudlach / March 30, 2009 12:21 AM PDT

Release Date: 2009-03-30

Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: Abee Chm Maker 1.x

Description:
Encrypt3d.M!nd has discovered a vulnerability in Abee Chm Maker, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the processing of project files (".cmp"). This can be exploited to cause a stack-based buffer overflow via a specially crafted project file defining an overly long "FileName" parameter.

Successful exploitation allows execution of arbitrary code by tricking a user into importing and compiling a specially crafted project file.

The vulnerability is confirmed in version 1.9.5. Other versions may also be affected.

http://secunia.com/advisories/34514/

Xlight FTP Server ODBC Authentication SQL Injection Vulnerability
by Marianna Schmudlach / March 30, 2009 12:22 AM PDT

Release Date: 2009-03-30

Critical: Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Vendor Patch

Software: Xlight FTP Server 3.x

Description:
A vulnerability has been reported in Xlight FTP Server, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the username and password is not properly sanitised before being used for ODBC authentication. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and e.g. bypass authentication.

The vulnerability is reported in versions prior to 3.2.1.

http://secunia.com/advisories/34513/
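The two SQL injection advisories above (glFusion's "order"/"direction" sort parameters and Xlight's ODBC authentication) illustrate two different fixes: sort columns and directions cannot be bound as placeholders and must be allow-listed, while credentials are plain data and must be bound rather than concatenated. The following is an added Python/sqlite3 example, not code from either product; table names, columns and sample rows are constructed for the demonstration.

```python
import sqlite3

# Sort parameters cannot be bound as SQL placeholders, so an allow-list of
# column names and directions is the fix for the glFusion "order"/"direction"
# pattern. Table and column names here are constructed for the example.
ALLOWED_ORDER = {"title": "title", "date": "created"}
ALLOWED_DIRECTION = {"asc": "ASC", "desc": "DESC"}


def build_list_query(order, direction):
    """Return a SELECT whose ORDER BY clause is taken only from the allow-lists."""
    column = ALLOWED_ORDER.get(str(order).lower())
    sort = ALLOWED_DIRECTION.get(str(direction).lower())
    if column is None or sort is None:
        # Anything not on the allow-list is rejected outright, not escaped.
        raise ValueError("rejected sort parameter")
    return f"SELECT title FROM items ORDER BY {column} {sort}"


def list_titles(conn, order, direction):
    return [row[0] for row in conn.execute(build_list_query(order, direction))]


def authenticate(conn, username, password):
    """Credentials are data: bound as parameters, never concatenated into the
    statement, which is the handling the Xlight ODBC authentication lacked.
    (Password storage is out of scope here; a real system compares a salted,
    slow hash rather than the stored string.)"""
    row = conn.execute(
        "SELECT 1 FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def demo_db():
    """Constructed in-memory sample data, not taken from either advisory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (title TEXT, created TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?)",
                     [("b", "2009-03-29"), ("a", "2009-03-30")])
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(list_titles(db, "date", "asc"))       # ['b', 'a']
    print(authenticate(db, "alice", "s3cret"))   # True
    print(authenticate(db, "alice'--", "x"))     # False: the quote stays data
```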

Red Hat update for seamonkey
by Marianna Schmudlach / March 30, 2009 12:23 AM PDT

Release Date: 2009-03-30

Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch

OS: RedHat Enterprise Linux AS 2.1
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 4
RedHat Linux Advanced Workstation 2.1 for Itanium

Description:
Red Hat has issued an update for seamonkey. This fixes a weakness and a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system.

http://secunia.com/advisories/34511/

Red Hat update for firefox
by Marianna Schmudlach / March 30, 2009 12:24 AM PDT

Release Date: 2009-03-30

Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch

OS: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop Workstation (v. 5 client)
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 4

Description:
Red Hat has issued an update for firefox. This fixes a weakness and a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system.

http://secunia.com/advisories/34510/

Gentoo update for analog
by Marianna Schmudlach / March 30, 2009 12:25 AM PDT

Release Date: 2009-03-30

Critical: Not critical
Impact: DoS
Where: Local system
Solution Status: Vendor Patch

OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for analog. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to analog using a vulnerable version of bzip2.

http://secunia.com/advisories/34508/

Ubuntu update for firefox, firefox-3.0, and xulrunner-1.9
by Marianna Schmudlach / March 30, 2009 12:26 AM PDT

Release Date: 2009-03-30

Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch

OS: Ubuntu Linux 6.06
Ubuntu Linux 7.10
Ubuntu Linux 8.04
Ubuntu Linux 8.10

Description:
Ubuntu has issued an update for firefox, firefox-3.0, and xulrunner-1.9. This fixes a weakness and a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system.

http://secunia.com/advisories/34505/

Avaya CMS Solaris UFS File System Denial of Service
by Marianna Schmudlach / March 30, 2009 12:27 AM PDT

Release Date: 2009-03-30

Critical: Not critical
Impact: DoS
Where: Local system
Solution Status: Unpatched

OS: Avaya Call Management System (CMS)

Description:
Avaya has acknowledged some vulnerabilities in Avaya CMS, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

http://secunia.com/advisories/34504/

IBM Tivoli Storage Manager Multiple Vulnerabilities
by Marianna Schmudlach / March 30, 2009 12:29 AM PDT

Release Date: 2009-03-30

Critical: Moderately critical
Impact: Unknown, Security Bypass, DoS
Where: From local network
Solution Status: Vendor Patch

Software: IBM Tivoli Storage Manager 6.x

Description:
Some vulnerabilities have been reported in Tivoli Storage Manager, where one has an unknown impact and others can be exploited by malicious people to cause a DoS (Denial of Service) or bypass certain security restrictions.

http://secunia.com/advisories/34498/

Avaya CMS Solaris Kerberos Denial of Service Vulnerability
by Marianna Schmudlach / March 30, 2009 12:30 AM PDT

Release Date: 2009-03-30

Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Unpatched

OS: Avaya Call Management System (CMS)

Description:
Avaya has acknowledged a vulnerability in Avaya CMS, which can be exploited by malicious people to cause a DoS (Denial of Service).

http://secunia.com/advisories/34487/

BT network 'vulnerable to Chinese attack'
by Marianna Schmudlach / March 30, 2009 12:33 AM PDT

Spy chiefs warn over Huawei gear in 21CN

By Chris Williams
30th March 2009

Spy chiefs have reportedly briefed ministers that Huawei hardware bought by BT could be hijacked by China to cripple the UK's communications infrastructure.

At a meeting in January, Alex Allan, chairman of the Joint Intelligence Committee, told the Home Secretary that while BT had taken steps to secure its network, "we believe that the mitigating measures are not effective against deliberate attack by China", the Sunday Times reports.

Huawei, led by former People's Liberation Army (PLA) research chief Ren Zhengfei, is a major supplier to BT's ongoing multi-billion-pound 21CN network upgrade. It will see all voice and data traffic carried by the same packet-switched equipment. In 2005 the Chinese firm won contracts to provide access nodes and optical equipment for the core of the new network.

More: http://www.theregister.co.uk/2009/03/30/huawei_threat/

Firefox quick to patch recent flaw
by Marianna Schmudlach / March 30, 2009 12:35 AM PDT

30 March 2009

By Robert McMillan, IDG news service

Mozilla has released a patch for Firefox, just days after a hacker released code that could be used to attack the browser. The company has released an updated 3.0.8 version of Firefox just two days after the code was posted to the Milw0rm website. This update also fixes a bug disclosed to research firm TippingPoint last week by a hacker who used it to win the company's Pwn2Own contest at the CanSecWest security conference.

Mozilla developers had described the release as a "high-priority firedrill security update" thanks to the attack code, known as a "zero day" exploit. The quick work paid off, as they had expected it to take until early next week to complete testing.

Mozilla says both bugs are "critical."

More: http://www.techworld.com/security/news/index.cfm?RSS&NewsID=113504

Debian update for auth2db
by Marianna Schmudlach / March 30, 2009 1:28 AM PDT

Release Date: 2009-03-30

Critical: Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Vendor Patch

OS: Debian GNU/Linux 5.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for auth2db. This fixes a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks.

Certain input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting specially crafted multibyte character encoded data.

http://secunia.com/advisories/34488/

Frog CMS Multiple Vulnerabilities
by Marianna Schmudlach / March 30, 2009 4:47 AM PDT

Release Date: 2009-03-30

Critical: Moderately critical
Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information, System access
Where: From remote
Solution Status: Unpatched

Software: Frog CMS 0.x

Description:
Some vulnerabilities and a security issue have been discovered in Frog CMS, which can be exploited by malicious users to disclose sensitive information or conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks or disclose sensitive information.

http://secunia.com/advisories/34427/
