Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - May 12, 2009

by Marianna Schmudlach / May 12, 2009 12:15 AM PDT

SquirrelMail Multiple Vulnerabilities

Release Date: 2009-05-12

Critical:
Moderately critical
Impact: Hijacking
Cross Site Scripting
Spoofing
Where: From remote
Solution Status: Vendor Patch

Software: SquirrelMail 1.x

Description:
Some vulnerabilities have been reported in SquirrelMail, which can be exploited by malicious people to conduct cross-site scripting, session fixation, and phishing attacks.

http://secunia.com/advisories/35073/

Smarty "smarty_function_math()" Template Security Bypass
by Marianna Schmudlach / May 12, 2009 12:16 AM PDT

Release Date: 2009-05-12

Critical:
Less critical
Impact: Security Bypass
Where: From remote
Solution Status: Unpatched

Software: Smarty 2.x

Description:
A vulnerability has been discovered in Smarty, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to the "smarty_function_math()" function in libs/plugins/function.math.php not properly sanitising the input before using it in an "eval()" call. This can be exploited to bypass the template security and execute arbitrary commands via an affected application relying on the template security features.

The vulnerability is confirmed in version 2.6.22 on Windows. Other versions may also be affected.

http://secunia.com/advisories/35072/

IBM AIX update for OpenSSL
by Marianna Schmudlach / May 12, 2009 12:17 AM PDT

Release Date: 2009-05-12

Critical:
Moderately critical
Impact: Security Bypass
DoS
Where: From remote
Solution Status: Vendor Patch

OS: AIX 5.x
AIX 6.x

Description:
IBM has issued an update for OpenSSL included in AIX. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service).

http://secunia.com/advisories/35070/

SUSE Update for Multiple Packages
by Marianna Schmudlach / May 12, 2009 12:18 AM PDT

Release Date: 2009-05-12

Critical:
Highly critical
Impact: Security Bypass
Cross Site Scripting
Spoofing
Manipulation of data
Exposure of sensitive information
DoS
System access
Where: From remote
Solution Status: Vendor Patch

OS: openSUSE 10.3
openSUSE 11.0
openSUSE 11.1
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Server 9

Software: Novell Open Enterprise Server 1.x

Description:
SUSE has issued an update for multiple packages. This fixes a weakness, some security issues, and some vulnerabilities, which can be exploited by malicious, local users to manipulate certain data, and by malicious people to conduct spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, conduct cross-site scripting and cross-site request forgery attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.

http://secunia.com/advisories/35065/

Bitweaver "version" Directory Traversal Vulnerability
by Marianna Schmudlach / May 12, 2009 12:19 AM PDT

Release Date: 2009-05-12

Critical:
Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched

Software: bitweaver 2.x

Description:
A vulnerability has been discovered in Bitweaver, which can be exploited by malicious people to manipulate certain data.

Input passed to the "version" parameter in boards/boards_rss.php is not properly verified before being used to create files. This can be exploited to create files on the system via directory traversal attacks.

Note: Malicious users can inject e.g. Smarty template code into the created file, which can be exploited to execute arbitrary code.

The vulnerability is confirmed in version 2.6. Other versions may also be affected.

http://secunia.com/advisories/35057/

uTopic "rating" SQL Injection Vulnerability
by Marianna Schmudlach / May 12, 2009 12:20 AM PDT

Release Date: 2009-05-12

Critical:
Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Vendor Patch

Software: uTopic 1.x

Description:
A vulnerability has been reported in uTopic, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "rating" parameter in admin/utopic.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation requires that "magic_quotes_gpc" is disabled.

The vulnerability is reported in version 1.00. Other versions may also be affected.


http://secunia.com/advisories/35051/

openWYSIWYG Directory Traversal and File Upload Vulnerabilit
by Marianna Schmudlach / May 12, 2009 12:22 AM PDT

Release Date: 2009-05-12

Critical:
Less critical
Impact: Security Bypass
Exposure of system information
Exposure of sensitive information
Where: From remote
Solution Status: Unpatched

Software: openWYSIWYG 1.x

Description:
Juri Gianni has discovered two vulnerabilities in openWYSIWYG, which can be exploited by malicious people to disclose potentially sensitive information or bypass certain security restrictions.

http://secunia.com/advisories/35050/

eggBlog Directory Traversal and File Upload Vulnerabilities
by Marianna Schmudlach / May 12, 2009 12:23 AM PDT

Release Date: 2009-05-12

Critical:
Moderately critical
Impact: Security Bypass
Exposure of system information
Exposure of sensitive information
Where: From remote
Solution Status: Unpatched

Software: eggBlog 4.x

Description:
Juri Gianni has discovered two vulnerabilities in eggBlog, which can be exploited by malicious people to disclose potentially sensitive information or bypass certain security restrictions.


The vulnerabilities are confirmed in version 4.1.1. Other versions may also be affected.


http://secunia.com/advisories/35047/

CycloMedia CycloScopeLite ActiveX Control "ReturnConnection(
by Marianna Schmudlach / May 12, 2009 12:24 AM PDT

Release Date: 2009-05-12

Critical:
Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: CycloMedia CycloScopeLite 2.x

Description:
0x29A has discovered a vulnerability in CycloMedia CycloScopeLite, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in CM_ADOConnection.dll, CM_AddressInfoDBC.dll, and CM_RecordingLocationDBC.dll when processing the "ReturnConnection()" method and can be exploited to dereference an invalid object.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in CycloMedia CycloScopeLite version 2.50.3.0. Other versions may also be affected.


http://secunia.com/advisories/35046/

OpenSC "pkcs11-tool" RSA Key Generation Security Issue
by Marianna Schmudlach / May 12, 2009 12:25 AM PDT

Release Date: 2009-05-12

Critical:
Not critical
Impact: Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch

Software: OpenSC 0.x

Description:
A security issue has been reported in OpenSC, which can potentially lead to the disclosure of sensitive information.

The security issue is caused due to an error in the "pkcs11-tool" that results in the generation of an RSA key pair with an insecure public exponent of "1".

Successful exploitation requires that the "pkcs11-tool" is used to generate a RSA key pair with a third-party PKCS#11 module and a card accepting the insecure exponent.

The security issue is reported in version 0.11.7 and the OpenSC SVN trunk.

http://secunia.com/advisories/35035/
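
A check for the condition this advisory describes, as an added example that is not part of the original post and is not OpenSC code: it parses a PKCS#1 `RSAPublicKey` DER blob with the standard library and classifies the public exponent. The function names, the constructed sample keys and the 65537 policy floor are assumptions made for the illustration.

```python
# Added example (not OpenSC code): audit the public exponent of an RSA key.
# Stdlib only; the sample keys below are constructed for the demonstration.

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                          # long-form length
        count = length & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_rsa_public_key(der):
    """Parse PKCS#1 RSAPublicKey ::= SEQUENCE { modulus, publicExponent }."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one DER SEQUENCE")
    tag_n, n_raw, pos = _read_tlv(body, 0)
    tag_e, e_raw, pos = _read_tlv(body, pos)
    if (tag_n, tag_e) != (0x02, 0x02) or pos != len(body):
        raise ValueError("expected exactly two INTEGERs")
    return int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")

def audit_exponent(e):
    """Classify a public exponent. The 65537 floor is an assumed local policy."""
    if e == 1:
        return "reject: e=1, encryption is the identity function"
    if e < 3 or e % 2 == 0:
        return "reject: exponent must be odd and at least 3"
    if e < 65537:
        return "warn: exponent below policy minimum 65537"
    return "ok"

def _tlv(tag, value):
    """DER-encode one element (helper used only to build the sample keys)."""
    n = len(value)
    if n < 0x80:
        head = bytes([n])
    else:
        size = (n.bit_length() + 7) // 8
        head = bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def build_rsa_public_key(n, e):
    """Build a PKCS#1 RSAPublicKey blob; the extra byte keeps INTEGERs positive."""
    ints = b"".join(_tlv(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big")) for x in (n, e))
    return _tlv(0x30, ints)

# Constructed toy modulus (product of two Mersenne primes), not a secure key.
SAMPLE_N = (2**521 - 1) * (2**607 - 1)
BAD_KEY = build_rsa_public_key(SAMPLE_N, 1)        # the exponent from the advisory
GOOD_KEY = build_rsa_public_key(SAMPLE_N, 65537)

if __name__ == "__main__":
    for name, der in (("bad", BAD_KEY), ("good", GOOD_KEY)):
        n, e = parse_rsa_public_key(der)
        print(name, e, audit_exponent(e))
    secret = int.from_bytes(b"PIN 1234", "big")
    print(pow(secret, 1, SAMPLE_N) == secret)      # "ciphertext" equals plaintext
```

With an exponent of 1, textbook RSA returns the message unchanged for any message smaller than the modulus, which is why such a key has to be regenerated rather than kept in service.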

A-A-S Application Access Server Cross-Site Request Forgery V
by Marianna Schmudlach / May 12, 2009 12:26 AM PDT

Release Date: 2009-05-12

Critical:
Moderately critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched

Software: A-A-S Application Access Server 2.x

Description:
A vulnerability has been discovered in A-A-S Application Access Server, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application's web interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. execute arbitrary commands or kill arbitrary processes when a logged in administrator views a malicious web page.

The vulnerability is confirmed in version 2.0.48. Other versions may also be affected.

http://secunia.com/advisories/35034/

Debian update for qemu
by Marianna Schmudlach / May 12, 2009 12:27 AM PDT

Release Date: 2009-05-12

Critical:
Less critical
Impact: Security Bypass
Where: Local system
Solution Status: Vendor Patch

OS: Debian GNU/Linux 4.0
Debian GNU/Linux 5.0

Description:
Debian has issued an update for qemu. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions.

http://secunia.com/advisories/35031/

Ubuntu update for moin
by Marianna Schmudlach / May 12, 2009 12:28 AM PDT

Release Date: 2009-05-12

Critical:
Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch

OS: Ubuntu Linux 8.10
Ubuntu Linux 9.04

Description:
Ubuntu has issued an update for moin. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks.


http://secunia.com/advisories/35024/

Symantec System Center Alert Management System Console Arbit
by Marianna Schmudlach / May 12, 2009 12:31 AM PDT

CA ARCserve Backup Apache HTTP Server Multiple Vulnerabiliti
by Marianna Schmudlach / May 12, 2009 12:32 AM PDT

Summary
CA ARCserve Backup on Solaris, Tru64, HP-UX, and AIX contains multiple vulnerabilities in the Apache HTTP Server version as shipped with ARCserve Backup. A remote attacker can exploit a buffer overflow to gain apache privileges, or cause a denial of service. CA has issued updates that contain version 2.0.63 of the Apache HTTP Server to address the vulnerabilities.

Credit:
The information has been provided by James K. Williams.
The original article can be found at: http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=205147


http://www.securiteam.com/unixfocus/5CP0C0AR5Y.html

Oracle Database SQL Injection vulnerability in LT.ROLLBACKWO
by Marianna Schmudlach / May 12, 2009 12:32 AM PDT

Summary
Oracle Database provides the "LT" PL/SQL package that is part of the Oracle Workspace Manager component (DBMS_WM public synonym). This package has a SQL Injection instance in ROLLBACKWORKSPACE procedure. Depending on what Oracle Workspace Manager release is installed, this PL/SQL package is owned by SYS (on older releases) or by WMSYS (on newer releases). A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the package owner, depending on the system configuration it can be SYS or WMSYS.

Credit:
The information has been provided by Esteban Martínez Fayó.
The original article can be found at: http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml

http://www.securiteam.com/unixfocus/5EP0E0AR5Q.html

Quagga Linux Denial of Service Vulnerability
by Marianna Schmudlach / May 12, 2009 12:33 AM PDT

FRISK Software F-prot CAB Bypass / Evasion
by Marianna Schmudlach / May 12, 2009 12:34 AM PDT

Summary
FRISK Software produces "the hugely popular F-Prot Antivirus products range offering unrivalled heuristic detection capabilities".

The F-Prot Antivirus parsing engine can be bypassed by a specially crafted and formatted CAB (Filesize) archive. The bug results in denying the engine the possibility to inspect code within CAB archives. There is no inspection of the content at all and hence the impossibility to detect malicious code.

Credit:
The information has been provided by Thierry Zoller.
The original article can be found at: http://blog.zoller.lu/2009/04/advisory-f-prot-frisk-cab-bypass.html


http://www.securiteam.com/securitynews/5BP0B0AR5W.html

XSS flaws found in sites of multiple anti-virus firms
by Marianna Schmudlach / May 12, 2009 12:36 AM PDT

Dirty half-dozen

By John Leyden
12th May 2009

Security researchers have revealed that the websites of no less than six anti-virus firms are vulnerable to cross-site scripting flaws, of a type that might lend themselves to phishing attacks.

Some of the firms involved have admitted problems, while others say the issues raised have either already been fixed or are erroneous.

Nemesis, a gang of programmers and security bods that work mostly in chat room software development, reckons the sites of Symantec, Kaspersky, Eset (Nod32), AVG, F-secure and Trend Micro are all vulnerable, one way or another. The group has posted screen shots to back up its claims in an advisory here.


More: http://www.theregister.co.uk/2009/05/12/av_xss_six/

Microsoft's Geneva identity cloud platform enters Beta 2
by Marianna Schmudlach / May 12, 2009 2:17 AM PDT

By John Fontana

May 12, 2009 (Network World) LOS ANGELES -- Microsoft Monday released the Beta 2 of Geneva, its identity platform for the cloud, adding single sign-on capabilities across server applications and cloud-based services, and long-awaited support for SAML 2.0.

Microsoft has added a number of new features around Security Assertion Markup Language (SAML) 2.0 specification, including SAML interoperability with identity software from CA, Novell, SAP and Sun.

In addition, Microsoft will add certification for the Liberty Alliance implementation of SAML 2.0 when the final code of Geneva is released at the end of 2009.

More: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9132946

New warning over cloud security gaps
by Marianna Schmudlach / May 12, 2009 2:18 AM PDT

12 May 2009

By Jon Brodkin, Network World (US)

The security gaps in cloud computing demand greater scrutiny than traditional IT outsourcing models, a new Forrester report has said.

With traditional outsourcing models, a customer places its own servers in someone else's data centre, or a service provider manages devices dedicated to that customer. But multi-tenancy rules the day in cloud computing, and customers may not know where their data is stored or how it's replicated, Forrester analyst Chenxi Wang writes in a report titled How secure is your cloud?

"Cloud computing decouples data from infrastructure and obscures low-level operational details, such as where your data is and how it's replicated," Wang writes. "Multi-tenancy, while it is rarely used in traditional IT outsourcing, is almost a given in cloud computing services. These differences give rise to a unique set of security and privacy issues that not only impact your risk management practices, but have also stimulated a fresh evaluation of legal issues in areas such as compliance, auditing, and eDiscovery."

More: http://www.techworld.com/security/news/index.cfm?RSS&NewsID=115702

Microsoft Patch Tuesday for May 2009
by Marianna Schmudlach / May 12, 2009 7:39 AM PDT

05-12-2009

Hello and welcome to this month's blog on the Microsoft patch releases. This is a light, yet moderate month -- the vendor is releasing one bulletin covering a total of 14 vulnerabilities. This is the first time we've seen a single bulletin cover so many vulnerabilities since Microsoft started the monthly patch program.

All the issues are remote code-execution vulnerabilities in PowerPoint, and Microsoft has rated 11 of them "Critical." For any of these issues to be triggered, a victim must open a specially crafted file with a vulnerable version of PowerPoint.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.

Microsoft's summary of the May releases can be found here:

http://www.microsoft.com/technet/security/bulletin/ms09-may.mspx

More: https://forums2.symantec.com/t5/blogs/blogarticlepage/blog-id/vulnerabilities_exploits/article-id/196

Microsoft PowerPoint Multiple Vulnerabilities
by Marianna Schmudlach / May 12, 2009 7:41 AM PDT

Release Date: 2009-05-12

Critical:
Highly critical
Impact: System access
Where: From remote
Solution Status: Partial Fix

Software: Microsoft Office 2000
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2004 for Mac
Microsoft Office 2007
Microsoft Office 2008 for Mac
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office PowerPoint 2007
Microsoft Office PowerPoint Viewer 2003
Microsoft Office PowerPoint Viewer 2007
Microsoft Office XP
Microsoft Open XML File Format Converter for Mac
Microsoft PowerPoint 2000
Microsoft PowerPoint 2002
Microsoft PowerPoint 2003
Microsoft Works 8.x
Microsoft Works 9.x

Description:
Multiple vulnerabilities have been reported in Microsoft PowerPoint, which can be exploited by malicious people to compromise a user's system.

http://secunia.com/advisories/32428/
