Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - May 19, 2009

by Marianna Schmudlach / May 19, 2009 12:19 AM PDT

Red Hat update for ntp

Release Date: 2009-05-19

Critical:
Highly critical
Impact: DoS
System access
Where: From remote
Solution Status: Vendor Patch

OS: RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 4

Description:
Red Hat has issued an update for ntp. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.


http://secunia.com/advisories/35166/

NSD "packet_read_query_section()" Off-By-One Vulnerability
by Marianna Schmudlach / May 19, 2009 12:20 AM PDT

Release Date: 2009-05-19

Critical:
Moderately critical
Impact: DoS
System access
Where: From remote
Solution Status: Vendor Patch

Software: NSD 3.x

Description:
A vulnerability has been reported in NSD, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the "packet_read_query_section()" function in packet.c, which can be exploited to cause a stack-based buffer overflow with one byte.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions prior to 3.2.2.

http://secunia.com/advisories/35165/

Fedora update for giflib
by Marianna Schmudlach / May 19, 2009 12:20 AM PDT

Release Date: 2009-05-19

Critical:
Moderately critical
Impact: DoS
System access
Where: From remote
Solution Status: Vendor Patch

OS: Fedora 9

Description:
Fedora has issued an update for giflib. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.

http://secunia.com/advisories/35164/

Nortel Media Processing Server Adobe Reader Multiple Vulnera
by Marianna Schmudlach / May 19, 2009 12:21 AM PDT

Release Date: 2009-05-19

Critical:
Moderately critical
Impact: Privilege escalation
System access
Where: From remote
Solution Status: Vendor Patch

OS: Nortel Media Processing Server (MPS)

Description:
Nortel has acknowledged some vulnerabilities in Nortel Media Processing Server, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a user's system.

http://secunia.com/advisories/35163/

Red Hat update for nfs-utils
by Marianna Schmudlach / May 19, 2009 12:22 AM PDT

Release Date: 2009-05-19

Critical:
Less critical
Impact: Security Bypass
Where: From local network
Solution Status: Vendor Patch

OS: RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 4

Description:
Red Hat has issued an update for nfs-utils. This fixes a security issue, which can be exploited by malicious people to potentially bypass certain security restrictions.

The problem is that the nfs-utils package is built without TCP wrappers support, which could result in improper access restrictions being imposed due to the documentation specifying TCP wrappers as a valid security measure.

http://secunia.com/advisories/35162/

Red Hat update for util-linux
by Marianna Schmudlach / May 19, 2009 12:23 AM PDT

Release Date: 2009-05-19

Critical:
Not critical
Impact: Manipulation of data
Where: From remote
Solution Status: Vendor Patch

OS: RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 4


Description:
Red Hat has issued an update for util-linux. This fixes a weakness, which can be exploited by malicious people to manipulate certain data.

http://secunia.com/advisories/35161/

Red Hat update for kernel
by Marianna Schmudlach / May 19, 2009 12:24 AM PDT

Release Date: 2009-05-19

Critical:
Less critical
Impact: Security Bypass
DoS
Where: Local system
Solution Status: Vendor Patch

OS: RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 4

Description:
Red Hat has issued an update for the kernel. This fixes a security issue and a vulnerability, which can be exploited by malicious, local users to bypass certain security restrictions and cause a DoS (Denial of Service).

http://secunia.com/advisories/35160/

Red Hat update for ipsec-tools
by Marianna Schmudlach / May 19, 2009 12:25 AM PDT

Release Date: 2009-05-19

Critical:
Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch

OS: Red Hat Enterprise Linux 5 (Server)
Red Hat Enterprise Linux Desktop 5

Description:
Red Hat has issued an update for ipsec-tools. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

http://secunia.com/advisories/35159/

OCS Inventory NG Web Interface User Account Enumeration Weak
by Marianna Schmudlach / May 19, 2009 12:26 AM PDT

Release Date: 2009-05-19

Critical:
Not critical
Impact: Exposure of system information
Where: From remote
Solution Status: Unpatched

Software: OCS Inventory NG 1.x

Description:
A weakness has been reported in OCS Inventory NG, which can be exploited by malicious people to potentially identify valid user accounts.

The application's web interface returns different error messages depending on whether an unsuccessful login attempt is performed with a valid or invalid username. This can be exploited to potentially identify valid usernames via multiple login attempts.

The weakness is reported in version 1.01. Other versions may also be affected.

http://secunia.com/advisories/35157/
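
The weakness described in this post, shown as an added example (not OCS Inventory NG code and not part of the advisory): a login check whose error message depends on whether the username exists, beside a form that returns one generic message. The user store, function names and messages are constructed for illustration, and the uniform version goes slightly beyond the advisory by also doing the same hashing work for unknown usernames.

```python
import hashlib
import hmac
import os

_ITERATIONS = 100_000  # PBKDF2 work factor chosen for the example


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, _ITERATIONS)


def _make_record(password):
    salt = os.urandom(16)
    return salt, _hash_password(password, salt)


# Constructed user store: username -> (salt, password hash).
USERS = {"admin": _make_record("correct horse battery staple")}

# Dummy record checked when the username is unknown, so both paths hash once.
_DUMMY_SALT, _DUMMY_HASH = _make_record(os.urandom(16).hex())

GENERIC_ERROR = "Invalid username or password."


def login_leaky(username, password):
    """Pattern from the advisory: the message reveals whether the account exists."""
    record = USERS.get(username)
    if record is None:
        return False, "Unknown user."
    salt, stored = record
    if not hmac.compare_digest(_hash_password(password, salt), stored):
        return False, "Wrong password."
    return True, "Welcome."


def login_uniform(username, password):
    """Same check, but every failure returns the same message after the same work."""
    record = USERS.get(username)
    salt, stored = record if record is not None else (_DUMMY_SALT, _DUMMY_HASH)
    matches = hmac.compare_digest(_hash_password(password, salt), stored)
    if record is None or not matches:
        return False, GENERIC_ERROR
    return True, "Welcome."
```
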

Red Hat update for java-1.5.0-ibm
by Marianna Schmudlach / May 19, 2009 12:27 AM PDT

Release Date: 2009-05-19

Critical:
Highly critical
Impact: Security Bypass
DoS
System access
Where: From remote
Solution Status: Vendor Patch

Software: Red Hat Enterprise Linux Extras v. 4
RHEL Desktop Supplementary (v. 5 client)
RHEL Supplementary (v. 5 server)

Description:
Red Hat has issued an update for java-1.5.0-ibm. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or potentially compromise a user's system.


http://secunia.com/advisories/35156/

Creative CMS "catid" SQL Injection Vulnerability
by Marianna Schmudlach / May 19, 2009 12:28 AM PDT

Release Date: 2009-05-19

Critical:
Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched

Software: Creative CMS 1.x

Description:
A vulnerability has been reported in Creative CMS, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "catid" parameter in insidepage.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 1.21. Other versions may also be affected.

http://secunia.com/advisories/35154/

Pluck "langpref" Local File Inclusion Vulnerabilities
by Marianna Schmudlach / May 19, 2009 12:29 AM PDT

Release Date: 2009-05-19

Critical:
Moderately critical
Impact: Exposure of sensitive information
Where: From remote
Solution Status: Unpatched

Software: Pluck 4.x

Description:
ahmadbady has discovered some vulnerabilities in Pluck, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "langpref" parameter in data/modules/contactform/module_info.php, data/modules/blog/module_info.php, and data/modules/albums/module_info.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks.

Successful exploitation requires that "register_globals" is enabled.

The vulnerabilities are confirmed in version 4.6.2. Other versions may also be affected.

http://secunia.com/advisories/35145/

Coppermine Photo Gallery Multiple Vulnerabilities
by Marianna Schmudlach / May 19, 2009 12:30 AM PDT

Release Date: 2009-05-19

Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information
System access
Where: From remote
Solution Status: Unpatched

Software: Coppermine Photo Gallery 1.x

Description:
girex has discovered some vulnerabilities in Coppermine Photo Gallery, which can be exploited by malicious people to conduct SQL injection attacks, disclose sensitive information, or potentially compromise a vulnerable system.

http://secunia.com/advisories/35144/

ClanWeb save.php Security Bypass Vulnerability
by Marianna Schmudlach / May 19, 2009 12:31 AM PDT

Release Date: 2009-05-19

Critical:
Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Unpatched

Software: ClanWeb 1.x

Description:
ahmadbady has reported a vulnerability in ClanWeb, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to the application not properly restricting access to admincp/save.php, which can be exploited to update e.g. the password for arbitrary users or create administrative users for the administrative interface.

The vulnerability is reported in version 1.4.2. Other versions may also be affected.

http://secunia.com/advisories/35142/

Red Hat update for ntp
by Marianna Schmudlach / May 19, 2009 12:32 AM PDT

Release Date: 2009-05-19

Critical:
Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch

OS: Red Hat Enterprise Linux 5 (Server)
Red Hat Enterprise Linux Desktop 5

Description:
Red Hat has issued an update for ntp. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

http://secunia.com/advisories/35138/

SLiM X Authority File Insecure Creation Security Issue
by Marianna Schmudlach / May 19, 2009 12:33 AM PDT

Release Date: 2009-05-19

Critical:
Less critical
Impact: Exposure of sensitive information
Where: Local system
Solution Status: Unpatched

Software: SLiM 1.x

Description:
A security issue has been reported in SLiM, which can be exploited by malicious, local users to disclose sensitive information.

The security issue is caused due to the application generating the X authority file by passing the X authority cookie via the command line to "xauth". This can be exploited to disclose the X authority cookie by consulting the process list and e.g. gain access to the user's display.

The security issue is reported in version 1.3.0. Other versions may also be affected.

http://secunia.com/advisories/35132/

NTP ntpd Autokey Buffer Overflow Vulnerability
by Marianna Schmudlach / May 19, 2009 12:34 AM PDT

Release Date: 2009-05-19

Critical:
Highly critical
Impact: DoS
System access
Where: From remote
Solution Status: Vendor Patch

Software: NTP 4.x

Description:
A vulnerability has been reported in NTP, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the "crypto_recv()" function in ntpd/ntp_crypto.c. This can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to the "ntpd".

Successful exploitation allows execution of arbitrary code, but requires that Autokey Authentication is configured via "crypto pw [password]" in ntp.conf.

The vulnerability is reported in versions prior to 4.2.4p7.

http://secunia.com/advisories/35130/

Pc4 Uploader "filter_sql()" SQL Injection Vulnerability
by Marianna Schmudlach / May 19, 2009 12:35 AM PDT

Release Date: 2009-05-19

Critical:
Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched

Software: Pc4 Uploader 9.x


Description:
Qabandi has reported a vulnerability in Pc4 Uploader, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to e.g. the "id" parameter in code.php is not properly sanitised by the "filter_sql()" function before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 9.0. Other versions may also be affected.

http://secunia.com/advisories/35122/

Fedora update for ipsec-tools
by Marianna Schmudlach / May 19, 2009 12:36 AM PDT

Release Date: 2009-05-19

Critical:
Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch

OS: Fedora 10
Fedora 9

Description:
Fedora has issued an update for ipsec-tools. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

http://secunia.com/advisories/35113/

MyPic "dir" Information Disclosure Vulnerability
by Marianna Schmudlach / May 19, 2009 12:37 AM PDT

Release Date: 2009-05-19

Critical:
Less critical
Impact: Exposure of system information
Where: From remote
Solution Status: Unpatched

Software: MyPic 2.x

Description:
A vulnerability has been reported in MyPic, which can be exploited by malicious people to disclose certain system information.

Input passed to the "dir" parameter is not properly verified before being used to read files in the specified directory. This can be exploited to disclose the content of arbitrary directories on an affected system via directory traversal attacks.

The vulnerability is reported in version 2.1. Other versions may also be affected.

http://secunia.com/advisories/35092/

Template Monster Clone "edituser.php" Security Bypass Vulner
by Marianna Schmudlach / May 19, 2009 12:38 AM PDT

Release Date: 2009-05-19

Critical:
Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Unpatched

Software: Template Monster Clone

Description:
TiGeR-Dz has reported a vulnerability in Template Monster Clone, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to the application not properly restricting access to the admin/edituser.php script. This can be exploited to modify a user's username and password without having proper credentials.

http://secunia.com/advisories/35090/

activeCollab "re_route" Cross-Site Scripting Vulnerability a
by Marianna Schmudlach / May 19, 2009 12:39 AM PDT

activeCollab "re_route" Cross-Site Scripting Vulnerability and Information Disclosure

Release Date: 2009-05-19

Critical:
Less critical
Impact: Cross Site Scripting
Exposure of system information
Where: From remote
Solution Status: Unpatched

Software: activeCollab 1.x
activeCollab 2.x

Description:
r0t has reported a vulnerability and a weakness in activeCollab, which can be exploited by malicious people to disclose sensitive information and conduct cross-site scripting attacks.

Input passed to the "re_route" parameter in /login is not properly sanitised before being returned to the user in an error message. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

This can also be exploited to disclose the full installation path of the application.

The vulnerability and the weakness are reported in version 2.1. Other versions may also be affected.

http://secunia.com/advisories/35079/

Ascad Networks Products Insecure Cookie Handling Vulnerabili
by Marianna Schmudlach / May 19, 2009 12:40 AM PDT

Release Date: 2009-05-19

Critical:
Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Unpatched

Software: Ascad Networks c7 Portal 1.x
Ascad Networks Form Processor Gold 1.x
Ascad Networks Guestbook Creator 1.x
Ascad Networks Mini Forum 1.x
Ascad Networks Password Protector SD 2.x

Description:
A vulnerability has been reported in various Ascad Networks products, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to improper access restrictions when accessing the administration interface. This can be exploited to bypass the authentication mechanism and gain access to the administration control panel by setting certain cookies.

The vulnerability is reported in the following products and versions:
* c7 Portal 1.1.0
* Password Protector SD v2 (ppSD2)
* Form Processor Gold
* Guestbook Creator 1.5
* Mini Forum 1.0.1

http://secunia.com/advisories/35077/

Microsoft warns of new server vulnerability
by Marianna Schmudlach / May 19, 2009 12:45 AM PDT

by Ina Fried

A new, unpatched vulnerability exists in one of Microsoft's server products, the company warned late Monday.

In a technical bulletin, the company said it is looking into "public reports of a possible vulnerability in Microsoft Internet Information Services (IIS)."

The company said that a flaw exists in a certain type of Web serving operation.

"An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests," Microsoft said. "An attacker could exploit this vulnerability by creating a specially crafted anonymous HTTP request to gain access to a location that typically requires authentication."

More: http://news.cnet.com/8301-13860_3-10244294-56.html?part=rss&subj=news&tag=2547-1009_3-0-20

Microsoft Internet Information Services (IIS) WebDAV Request
by Marianna Schmudlach / May 19, 2009 7:32 AM PDT

US-CERT is aware of public reports of a vulnerability affecting Microsoft Internet Information Services 6 (IIS6). Reports indicate that this vulnerability is due to improper handling of unicode tokens. Exploitation of this vulnerability may allow a remote attacker to bypass authentication methods, allowing an attacker to upload files to a WebDAV folder or obtain sensitive information. NTFS file ACLs will generally prevent the anonymous internet user from writing to an unauthorized area. US-CERT is also aware of publicly available exploit code and active exploitation of this vulnerability.

US-CERT encourages users to implement the following workaround to help mitigate the risks until a patch or update is available from the vendor:

Disable WebDAV. Administrators who are unable to disable WebDAV may be able to mitigate some risk by configuring their IDS to refuse external HTTP requests containing "Translate: f" headers. Please note that disabling WebDAV may affect the functionality of other applications such as SharePoint.

Microsoft has released Security Advisory 971492 to provide information about this vulnerability. Additional information regarding this vulnerability can be found in the Vulnerability Notes Database.

http://www.us-cert.gov/current/current_activity.html#microsoft_internet_information_services_iis
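
The "Translate: f" workaround quoted in this post, sketched as an added example (not US-CERT or Microsoft code): a filter that refuses external HTTP requests carrying that header. The internal address ranges, function names and sample requests are constructed for illustration.

```python
import ipaddress

# Assumed internal ranges for the example; replace with the site's own addressing.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_external(src_ip):
    addr = ipaddress.ip_address(src_ip)
    return not any(addr in net for net in INTERNAL_NETS)


def parse_headers(raw_request):
    """Return [(lowercased name, value)] from the header block only."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = []
    for line in head.split("\r\n")[1:]:  # element 0 is the request line
        if line[:1] in (" ", "\t") and headers:
            # Obsolete line folding: continuation of the previous header value.
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return headers


def has_translate_f(raw_request):
    # HTTP header names are case-insensitive, so compare in lower case.
    return any(name == "translate" and value.lower() == "f"
               for name, value in parse_headers(raw_request))


def should_refuse(src_ip, raw_request):
    return is_external(src_ip) and has_translate_f(raw_request)


# Constructed sample traffic: (source address, raw request).
SAMPLES = [
    ("203.0.113.7", b"PROPFIND /docs/ HTTP/1.1\r\nHost: www.example.com\r\n"
                    b"Translate: f\r\nDepth: 1\r\n\r\n"),
    ("198.51.100.20", b"GET /docs/a.txt HTTP/1.1\r\nHost: www.example.com\r\n"
                      b"translate:F\r\n\r\n"),
    ("10.1.2.3", b"PROPFIND /docs/ HTTP/1.1\r\nHost: intranet.example.com\r\n"
                 b"Translate: f\r\n\r\n"),
    ("203.0.113.7", b"POST /form HTTP/1.1\r\nHost: www.example.com\r\n"
                    b"Content-Length: 12\r\n\r\nTranslate: f"),
]


def classify(samples):
    return [should_refuse(ip, req) for ip, req in samples]


if __name__ == "__main__":
    for (ip, _), refused in zip(SAMPLES, classify(SAMPLES)):
        print(ip, "REFUSE" if refused else "allow")
```

The third sample is allowed because it comes from an internal address, and the fourth because the string appears only in the request body, not as a header.
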
