Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - May 26, 2008

by Marianna Schmudlach / May 26, 2008 12:40 AM PDT

SaraB Disclosure of DAR Encryption Ciphers

Secunia Advisory: SA30394
Release Date: 2008-05-26

Critical: Less critical
Impact: Exposure of sensitive information
Where: Local system
Solution Status: Vendor Patch

Software: SaraB 0.x

Description:
A security issue has been reported in SaraB, which can be exploited by malicious, local users to disclose sensitive information.

The problem is that encryption ciphers are passed to DAR as arguments on the command line when creating a backup. This can be exploited to extract the DAR encryption ciphers via the process list.

The security issue is reported in versions prior to 0.2.4.

Solution:
Update to version 0.2.4.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sourceforge.net/project/showno...?release_id=601603&group_id=91804
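A host-side check for the exposure class described in the SaraB advisory above, added here as an example (not code from SaraB, DAR or the advisory): it inspects `/proc/<pid>/cmdline` contents for `dar` invocations whose key option carries a passphrase. The option names follow dar's man page (`-K`/`--key`, `-J`/`--ref-key`, argument `[[<algo>]:]<pass>`); the function names and sample command lines are constructed.

```python
import pathlib

# dar options whose argument is "[[<algo>]:]<passphrase>" (per dar's man page).
KEY_OPTS = {"-K": "-K", "--key": "-K", "-J": "-J", "--ref-key": "-J"}

def split_key(value):
    """Split a dar key argument into (algo, passphrase)."""
    algo, sep, passphrase = value.partition(":")
    return (algo, passphrase) if sep else ("", value)

def exposed_keys(cmdline):
    """Take raw /proc/<pid>/cmdline bytes (NUL-separated argv) and return
    [(option, algo)] for every dar key option that carries a passphrase.
    The passphrase itself is never returned."""
    argv = [a.decode("utf-8", "replace") for a in cmdline.rstrip(b"\0").split(b"\0")]
    if argv[0].rsplit("/", 1)[-1] != "dar":
        return []
    hits, i = [], 1
    while i < len(argv):
        arg, opt, value = argv[i], None, ""
        if arg in KEY_OPTS:                       # "-K bf:pass" / "--key bf:pass"
            opt = KEY_OPTS[arg]
            value = argv[i + 1] if i + 1 < len(argv) else ""
            i += 1
        elif arg.startswith("--") and arg.partition("=")[0] in KEY_OPTS:
            opt, value = KEY_OPTS[arg.partition("=")[0]], arg.partition("=")[2]
        elif arg[:2] in ("-K", "-J"):             # attached form "-Kbf:pass"
            opt, value = arg[:2], arg[2:]
        if opt:
            algo, passphrase = split_key(value)
            if passphrase:  # an empty passphrase makes dar prompt: nothing leaked
                hits.append((opt, algo or "default"))
        i += 1
    return hits

def audit(cmdlines):
    """Map pid -> findings for every process that exposes a dar passphrase."""
    report = {}
    for pid, raw in cmdlines.items():
        hits = exposed_keys(raw)
        if hits:
            report[pid] = hits
    return report

def live_cmdlines():
    """Read every readable /proc/<pid>/cmdline on a Linux host."""
    out = {}
    for path in pathlib.Path("/proc").glob("[0-9]*/cmdline"):
        try:
            out[int(path.parent.name)] = path.read_bytes()
        except OSError:
            continue  # process exited between listing and reading
    return out

# Constructed sample command lines (not captured from a real system).
SAMPLES = {
    4101: b"/usr/bin/dar\0-c\0/backup/full\0-R\0/home\0-K\0bf:CONSTRUCTED-PASS\0",
    4102: b"dar\0-x\0/backup/full\0--key=aes:CONSTRUCTED-PASS\0",
    4103: b"dar\0-c\0/backup/full\0-R\0/home\0-K\0bf:\0",  # dar prompts instead
    4104: b"tar\0-K\0bf:not-dar\0",
}

if __name__ == "__main__":
    print(audit(SAMPLES))
```

On a backup host, `audit(live_cmdlines())` run while a backup job is active reports the same findings for real processes.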

libpam-pgsql Authentication Bypass Security Issue
by Marianna Schmudlach / May 26, 2008 12:42 AM PDT

Secunia Advisory: SA30391
Release Date: 2008-05-26

Critical: Less critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch

Software: libpam-pgsql 0.x

Description:
A security issue has been reported in libpam-pgsql, which can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused due to an error in "pam_sm_authenticate()" in pam_pgsql.c and can be exploited to bypass authentication, e.g. by sending a SIGINT during the authentication process.

The vulnerability is reported in version 0.6.3. Prior versions may also be affected.

Solution:
Update to version 0.6.4.

Provided and/or discovered by:
Julian Mehnle

Original Advisory:
http://sourceforge.net/project/shownotes.php?release_id=601775

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481970

Core FTP Directory Download Directory Traversal Vulnerabilit
by Marianna Schmudlach / May 26, 2008 12:43 AM PDT

Secunia Advisory: SA30389
Release Date: 2008-05-26

Critical: Less critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software: Core FTP LE 2.x, Core FTP Pro 2.x

Description:
Tan Chew Keong has reported a vulnerability in Core FTP, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an input validation error when downloading directories containing files with directory traversal specifiers in the filename. This can be exploited to download files to an arbitrary location on a user's system.

Successful exploitation requires that the user is tricked into connecting and downloading a directory from a malicious FTP server.

The vulnerability is reported in Core FTP LE/PRO version 2.1 Build 1565.

Solution:
Update to version 2.1 Build 1568.

Provided and/or discovered by:
Tan Chew Keong

Original Advisory:
http://vuln.sg/coreftp211565-en.html
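The input validation that the Core FTP advisory above describes as missing, sketched as an added example (not Core FTP's code or its fix): every filename a server returns during a directory download is checked before it is mapped to a local path. The function names, the download root and the sample listing are constructed for illustration.

```python
import os

class UnsafeRemoteName(ValueError):
    """Raised when a server-supplied name would land outside the download root."""

def local_target(download_root, remote_name):
    """Map a server-supplied relative name to a path under download_root.

    Both "/" and "\\" are treated as separators, because a client running on
    Windows must not trust either in a name received from the server."""
    parts = remote_name.replace("\\", "/").split("/")
    for part in parts:
        # "" covers absolute paths and doubled separators; ":" covers drive
        # letters and alternate data streams on Windows.
        if part in ("", ".", "..") or ":" in part or "\0" in part:
            raise UnsafeRemoteName(remote_name)
    root = os.path.realpath(download_root)
    target = os.path.realpath(os.path.join(root, *parts))
    # Second check after resolution: catches symlinks inside the root.
    if os.path.commonpath([root, target]) != root:
        raise UnsafeRemoteName(remote_name)
    return target

def plan_downloads(download_root, listing):
    """Split a remote listing into (accepted paths relative to root, rejected names)."""
    root = os.path.realpath(download_root)
    accepted, rejected = [], []
    for name in listing:
        try:
            accepted.append(os.path.relpath(local_target(root, name), root))
        except UnsafeRemoteName:
            rejected.append(name)
    return accepted, rejected

# Constructed listing, as a server might return it for a directory download.
LISTING = [
    "site/index.html",
    "site/img/logo.png",
    "site/../../outside.txt",
    "site\\..\\..\\outside.txt",
    "C:\\outside.txt",
    "/outside.txt",
]

if __name__ == "__main__":
    ok, bad = plan_downloads("/tmp/constructed-download-root", LISTING)
    print("accepted:", ok)
    print("rejected:", bad)
```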

encrypt Anubis Plugin Original File Size Weakness
by Marianna Schmudlach / May 26, 2008 12:45 AM PDT

Secunia Advisory: SA30388
Release Date: 2008-05-26

Critical: Not critical
Impact: Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch

Software: Anubis (plugin for encrypt) 1.x

Description:
A weakness has been reported in the Anubis plugin for encrypt, which can be exploited by malicious people to disclose potentially sensitive information.

The weakness is caused due to the Anubis plugin not encrypting the size of the original file within the header of encrypted files. This makes it possible to gain information about the amount of padding data and may weaken the security of the encryption.

The weakness is reported in versions prior to 1.3.

Solution:
Update to version 1.3.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
https://albinoloverats.net/index.php?...&task=view&id=60&Itemid=2

Slackware update for php
by Marianna Schmudlach / May 26, 2008 12:46 AM PDT

Secunia Advisory: SA30387
Release Date: 2008-05-26

Critical: Moderately critical
Impact: Unknown, Security Bypass, DoS, System access
Where: From remote
Solution Status: Vendor Patch

OS: Slackware Linux 11.0

Description:
Slackware has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions, and potentially by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
http://slackware.com/security/viewer....=2008&m=slackware-security.488951

Other References:
SA30048:
http://secunia.com/advisories/30048/

Sun Java System Web Server Advanced Search Cross-Site Script
by Marianna Schmudlach / May 26, 2008 12:47 AM PDT

Secunia Advisory: SA30381
Release Date: 2008-05-26

Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch

Software: Sun Java System Web Server (Sun ONE/iPlanet) 6.x, Sun Java System Web Server 7.x

Description:
A vulnerability has been reported in Sun Java System Web Server, which can be exploited by malicious people to conduct cross-site scripting attacks.

Unspecified input passed to the advanced search functionality is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in Sun Java System Web Server 6.1 and 7.0.

Solution:
Apply patches.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-236481-1

ThinkVantage System Update Missing SSL Certificate Chain Ver
by Marianna Schmudlach / May 26, 2008 12:49 AM PDT

ThinkVantage System Update Missing SSL Certificate Chain Verification

Secunia Advisory: SA30379
Release Date: 2008-05-26

Critical: Less critical
Impact: Spoofing
Where: From remote
Solution Status: Vendor Patch

Software: ThinkVantage System Update 3.x

Description:
Derek Callaway has reported a security issue in ThinkVantage System Update, which can be exploited by malicious people to conduct spoofing attacks.

The problem is that the application does not perform SSL certificate chain verification when connecting to the update server.

Successful exploitation allows e.g. downloading and executing malicious programs, but requires that the application connects to a malicious update server providing a specially crafted X.509 certificate (e.g. via DNS poisoning).

The security issue is reported in version 3.13.0005. Other versions may also be affected.

Solution:
Update to version 3.14.
http://www-307.ibm.com/pc/support/sit...testyle=lenovo&lndocid=MIGR-66956

Provided and/or discovered by:
Derek Callaway, Security Objectives

Original Advisory:
SECOBJADV-2008-01:
http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt

OneCMS "load" Local File Inclusion Vulnerability
by Marianna Schmudlach / May 26, 2008 12:50 AM PDT

Secunia Advisory: SA30378
Release Date: 2008-05-26

Critical: Moderately critical
Impact: Exposure of system information, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched

Software: OneCMS 2.x

Description:
Digital Security Research Group has discovered a vulnerability in OneCMS, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "load" parameter in install_mod.php (when "act" is set to "go") is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources with an HTTP client that does not follow redirects.

The vulnerability is confirmed in version 2.5. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
Digital Security Research Group

Original Advisory:
http://milw0rm.com/exploits/5669

RoomPHPlanning "idresa" SQL Injection Vulnerability
by Marianna Schmudlach / May 26, 2008 12:51 AM PDT

Secunia Advisory: SA30376
Release Date: 2008-05-26

Critical: Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched

Software: RoomPHPlanning 1.x

Description:
His0k4 has discovered a vulnerability in RoomPHPlanning, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "idresa" parameter in resaopen.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

NOTE: Other parameters may also be affected.

The vulnerability is confirmed in version 1.5. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Filter malicious characters and character sequences in a proxy.

Provided and/or discovered by:
His0k4

Original Advisory:
http://milw0rm.com/exploits/5670

phpRaider "pConfig_auth[phpbb_path]" File Inclusion
by Marianna Schmudlach / May 26, 2008 12:52 AM PDT

Secunia Advisory: SA30375
Release Date: 2008-05-26

Critical: Highly critical
Impact: Exposure of system information, Exposure of sensitive information, System access
Where: From remote
Solution Status: Unpatched

Software: phpRaider 1.x

Description:
KaCaK has discovered a vulnerability in phpRaider, which can be exploited by malicious people to disclose sensitive information and to compromise a vulnerable system.

Input passed to the "pConfig_auth[phpbb_path]" parameter in authentication/phpbb3/phpbb3.functions.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability is confirmed in version 1.0.7a and reported in version 1.0.7. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
KaCaK a.k.a. Dr.Hack3r

Original Advisory:
http://milw0rm.com/exploits/5671

Xomol CMS Local File Inclusion and SQL Injection
by Marianna Schmudlach / May 26, 2008 12:54 AM PDT

Secunia Advisory: SA30374
Release Date: 2008-05-26

Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched

Software: Xomol CMS 1.x

Description:
DNX has discovered some vulnerabilities in Xomol CMS, which can be exploited by malicious people to disclose potentially sensitive information or conduct SQL injection attacks.

Solution:
Edit the source code to ensure that input is properly verified and sanitised.

Provided and/or discovered by:
DNX

Original Advisory:
http://milw0rm.com/exploits/5673

plusPHP Short URL Multi-User Script "_pages_dir" File Inclus
by Marianna Schmudlach / May 26, 2008 12:55 AM PDT

Secunia Advisory: SA30373
Release Date: 2008-05-26

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: plusPHP Short URL Multi-User Script 1.x

Description:
DR.TOXIC has reported a vulnerability in plusPHP Short URL Multi-User Script, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "_pages_dir" parameter in plus.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local and external resources.

The vulnerability is reported in version 1.6. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
DR.TOXIC

Original Advisory:
http://milw0rm.com/exploits/5672

PCPIN Chat URL Redirection Script Cross-Site Scripting
by Marianna Schmudlach / May 26, 2008 12:56 AM PDT

Secunia Advisory: SA30371
Release Date: 2008-05-26

Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch

Software: PCPIN Chat 6.x

Description:
A vulnerability has been reported in PCPIN Chat, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain unspecified input passed to the URL redirection script (inc/url_redirection.inc.php) is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in versions prior to 6.11.

Solution:
Update to version 6.11 or apply patch.

Provided and/or discovered by:
Reported by the vendor.

Changelog:
http://community.pcpin.com/?include=700&thread_id=6918

Slackware update for mozilla-thunderbird
by Marianna Schmudlach / May 26, 2008 12:58 AM PDT

Secunia Advisory: SA30370
Release Date: 2008-05-26

Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, System access
Where: From remote
Solution Status: Vendor Patch

OS: Slackware Linux 11.0

Description:
Slackware has issued an update for mozilla-thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or potentially compromise a user's system.

Solution:
Apply updated packages.

Original Advisory:
http://slackware.com/security/viewer....=2008&m=slackware-security.447313

Other References:
SA29548:
http://secunia.com/advisories/29548/

rPath update for php
by Marianna Schmudlach / May 26, 2008 12:59 AM PDT

Secunia Advisory: SA30345
Release Date: 2008-05-26

Critical: Moderately critical
Impact: Unknown, Security Bypass, DoS, System access
Where: From remote
Solution Status: Vendor Patch

OS: rPath Linux 1.x

Description:
rPath has issued an update for php. This fixes some vulnerabilities, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions, and potentially by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

Original Advisory:
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176

Other References:
SA28923:
http://secunia.com/advisories/28923/

SA30048:
http://secunia.com/advisories/30048/

Mambo Multiple Vulnerabilities
by Marianna Schmudlach / May 26, 2008 1:00 AM PDT

Secunia Advisory: SA30343
Release Date: 2008-05-26

Critical: Moderately critical
Impact: Cross Site Scripting, Manipulation of data, Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch

Software: Mambo 4.x

Description:
Some vulnerabilities have been reported in Mambo, which can be exploited by malicious people to conduct SQL injection or HTTP response splitting attacks.

Solution:
Update to version 4.6.4.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://forum.mambo-foundation.org/showthread.php?t=11799

Debian update for mtr
by Marianna Schmudlach / May 26, 2008 1:02 AM PDT

Secunia Advisory: SA30340
Release Date: 2008-05-26

Critical: Less critical
Impact: System access
Where: From local network
Solution Status: Vendor Patch

OS: Debian GNU/Linux 4.0, Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for mtr. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

Original Advisory:
http://lists.debian.org/debian-security-announce/2008/msg00165.html

Other References:
SA30312:
http://secunia.com/advisories/30312/

Starsgames Control Panel "st" Cross-Site Scripting
by Marianna Schmudlach / May 26, 2008 1:03 AM PDT

Secunia Advisory: SA30321
Release Date: 2008-05-26

Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched

Software: Starsgames Control Panel 4.x

Description:
CWH Underground has reported a vulnerability in Starsgames Control Panel, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "st" parameter in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in version 4.6.2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
CWH Underground

MxBB Portal "page" SQL Injection Vulnerability
by Marianna Schmudlach / May 26, 2008 1:05 AM PDT

Secunia Advisory: SA30318
Release Date: 2008-05-26

Critical: Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched

Software: MxBB Portal 2.x

Description:
cOndemned has reported a vulnerability in MxBB Portal, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "page" parameter in index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 2.7.3. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
cOndemned

Original Advisory:
http://milw0rm.com/exploits/5659

EntertainmentScript SQL Injection and Local File Inclusion
by Marianna Schmudlach / May 26, 2008 1:07 AM PDT

Secunia Advisory: SA30311
Release Date: 2008-05-26

Critical: Moderately critical
Impact: Manipulation of data, Exposure of system information, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched

Software: EntertainmentScript 1.x

Description:
Two vulnerabilities have been reported in EntertainmentScript (ES), which can be exploited by malicious people to conduct SQL injection attacks and disclose sensitive information.

Solution:
Edit the source code to ensure that input is properly sanitised and verified.

Provided and/or discovered by:
1) Mr.SQL
2) Stack-Terrorist

Original Advisory:
1) http://milw0rm.com/exploits/5654
2) http://milw0rm.com/exploits/5655

eMule Plus "staticservers.dat" Unspecified Vulnerability
by Marianna Schmudlach / May 26, 2008 1:08 AM PDT

Secunia Advisory: SA30277
Release Date: 2008-05-26

Critical: Moderately critical
Impact: Unknown
Where: From remote
Solution Status: Vendor Patch

Software: eMule Plus 1.x

Description:
A vulnerability with an unknown impact has been reported in eMule Plus.

The vulnerability is caused due to an unspecified error in the staticservers.dat processing. No further information is available.


Solution:
Update to version 1.2d.
http://sourceforge.net/project/showfiles.php?group_id=71866

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sourceforge.net/project/shownotes.php?release_id=600155
