Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - May 28, 2009

by Marianna Schmudlach / May 27, 2009 11:39 PM PDT

Simple Machines Forum BMP Uploads Cross-Site Scripting

Release Date: 2009-05-28

Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch

Software: Simple Machines Forum 1.x


Description:
Jacques Copeau has reported a vulnerability in Simple Machines Forum, which can be exploited by malicious users to conduct cross-site scripting attacks.

The vulnerability is caused due to insecure handling of uploaded BMP image files. This can be exploited to execute arbitrary HTML and script code in a user's Internet Explorer session in the context of an affected site by uploading malformed BMP files, which are interpreted by the user's browser as having a "text/html" MIME type.

The vulnerability is reported in version 1.1.18. Other versions may also be affected.

http://secunia.com/advisories/35267/

libsndfile Multiple Division by Zero Denial of Service Vulne
by Marianna Schmudlach / May 27, 2009 11:40 PM PDT

Release Date: 2009-05-28

Critical: Less critical
Impact: DoS
Where: From remote
Solution Status: Unpatched

Software: libsndfile 1.x

Description:
Some vulnerabilities have been discovered in libsndfile, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerabilities are caused due to errors in the "htk_read_header()", "alaw_init()", "ulaw_init()", "pcm_init()", "float32_init()", and "sds_read_header()" functions. These can be exploited to cause divisions by zero via specially crafted audio data.

The vulnerabilities are confirmed in version 1.0.20. Other versions may also be affected.

http://secunia.com/advisories/35266/

Easy Px 41 CMS "fiche" Information Disclosure Vulnerability
by Marianna Schmudlach / May 27, 2009 11:41 PM PDT

Release Date: 2009-05-28

Critical: Moderately critical
Impact: Exposure of sensitive information
Where: From remote
Solution Status: Unpatched

Software: Easy PX 41 CMS

Description:
ThE g0bL!N has reported a vulnerability in Easy PX 41 CMS, which can be exploited by malicious people to disclose sensitive information.

Input passed via the "fiche" parameter to index.php is not properly verified before being used to read files. This can be exploited to disclose the content of arbitrary files via directory traversal attacks.

http://secunia.com/advisories/35252/

PRTG Traffic Grapher Cross-Site Scripting Vulnerability
by Marianna Schmudlach / May 27, 2009 11:42 PM PDT

Release Date: 2009-05-28

Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch

Software: PRTG Traffic Grapher 6.x

Description:
A vulnerability has been reported in PRTG Traffic Grapher, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via unspecified parameters to the web interface is not properly sanitised before being returned to the user via the "Monitor_Bandwidth" function. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in version 6.2.2.977. Other versions may also be affected.

http://secunia.com/advisories/35249/

rPath update for tshark and wireshark
by Marianna Schmudlach / May 27, 2009 11:43 PM PDT

Release Date: 2009-05-28

Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch

OS: rPath Linux 1.x

Description:
rPath has issued an update for tshark and wireshark. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

http://secunia.com/advisories/35248/

Gentoo update for libsndfile
by Marianna Schmudlach / May 27, 2009 11:44 PM PDT

Release Date: 2009-05-28

Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch

OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for libsndfile. This fixes some vulnerabilities, which can be exploited by malicious people to compromise an application using the library.

http://secunia.com/advisories/35247/

rPath update for ntp
by Marianna Schmudlach / May 27, 2009 11:45 PM PDT

Release Date: 2009-05-28

Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch

OS: rPath Linux 1.x

Description:
rPath has issued an update for ntp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

http://secunia.com/advisories/35243/

rPath update for cyrus-sasl
by Marianna Schmudlach / May 27, 2009 11:46 PM PDT

Release Date: 2009-05-28

Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch

OS: rPath Linux 1.x

Description:
rPath has issued an update for cyrus-sasl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

http://secunia.com/advisories/35239/

Vanilla "RequestName" Cross-Site Scripting Vulnerability
by Marianna Schmudlach / May 27, 2009 11:47 PM PDT

Release Date: 2009-05-28

Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch

Software: Vanilla 1.x

Description:
A vulnerability has been reported in Vanilla, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "RequestName" parameter in ajax/updatecheck.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in versions prior to 1.0.8.

http://secunia.com/advisories/35234/

Fedora update for freetype1
by Marianna Schmudlach / May 27, 2009 11:48 PM PDT

Release Date: 2009-05-28

Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch

OS: Fedora 10

Description:
Fedora has issued an update for freetype1. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise applications using the library.

http://secunia.com/advisories/35233/

Drupal Ajax Session Module Cross-Site Scripting and Request
by Marianna Schmudlach / May 27, 2009 11:49 PM PDT

Release Date: 2009-05-28

Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched

Software: Drupal Ajax Session Module 5.x

Description:
Some vulnerabilities have been reported in the Ajax Session module for Drupal, which can be exploited by malicious people to conduct cross-site request forgery and cross-site scripting attacks.

http://secunia.com/advisories/35232/

Fedora update for acpid
by Marianna Schmudlach / May 27, 2009 11:50 PM PDT

Release Date: 2009-05-28

Critical: Not critical
Impact: DoS
Where: Local system
Solution Status: Vendor Patch

OS: Fedora 10, Fedora 9

Description:
Fedora has issued an update for acpid. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

http://secunia.com/advisories/35231/

pam_krb5 Password Prompt User Enumeration Security Issue
by Marianna Schmudlach / May 27, 2009 11:51 PM PDT

Release Date: 2009-05-28

Critical: Not critical
Impact: Exposure of sensitive information
Where: From remote
Solution Status: Unpatched

Software: pam_krb5 2.x

Description:
A security issue has been reported in pam_krb5, which can be exploited by malicious people to disclose potentially sensitive information.

The security issue is caused due to pam_krb5 returning different password prompts depending on whether or not a valid user name is supplied, which can be exploited to enumerate valid user names.

The security issue is reported in versions 2.2.14 and later.


http://secunia.com/advisories/35230/

Citrix Password Manager Secondary Password Information Discl
by Marianna Schmudlach / May 27, 2009 11:52 PM PDT

Release Date: 2009-05-28


Critical: Not critical
Impact: Security Bypass, Exposure of sensitive information
Where: From local network
Solution Status: Vendor Patch

Software: Citrix Password Manager 4.x

Description:
A security issue has been reported in Citrix Password Manager, which can be exploited by malicious users to bypass certain security restrictions and potentially disclose sensitive information.

The security issue is caused due to an unspecified error, which can be exploited by a user to access their own stored secondary credentials. In certain configurations this may violate the security policy defined by the administrator.

The security issue is reported in Password Manager 4.1, 4.5, and 4.6.

http://secunia.com/advisories/35229/

Fedora update for php-Smarty
by Marianna Schmudlach / May 27, 2009 11:53 PM PDT

Release Date: 2009-05-28

Critical: Less critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch

OS: Fedora 10, Fedora 9

Description:
Fedora has issued an update for php-Smarty. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

http://secunia.com/advisories/35219/

Fedora update for kernel
by Marianna Schmudlach / May 27, 2009 11:53 PM PDT

Release Date: 2009-05-28

Critical: Less critical
Impact: DoS, System access
Where: From local network
Solution Status: Vendor Patch

OS: Fedora 10, Fedora 9

Description:
Fedora has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service) and potentially execute arbitrary code.

http://secunia.com/advisories/35217/

Fedora update for libwmf
by Marianna Schmudlach / May 27, 2009 11:54 PM PDT

Release Date: 2009-05-28

Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch

OS: Fedora 10, Fedora 9

Description:
Fedora has issued an update for libwmf. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.

http://secunia.com/advisories/35190/

Fedora update for eggdrop
by Marianna Schmudlach / May 27, 2009 11:55 PM PDT

Release Date: 2009-05-28

Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch

OS: Fedora 10, Fedora 9

Description:
Fedora has issued an update for eggdrop. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).


http://secunia.com/advisories/35158/

ATutor Documentation Frameset "p" Phishing Vulnerability
by Marianna Schmudlach / May 27, 2009 11:56 PM PDT

Release Date: 2009-05-28

Critical: Not critical
Impact: Spoofing
Where: From remote
Solution Status: Vendor Patch

Software: ATutor 1.x

Description:
Russ McRee has discovered a vulnerability in ATutor, which can be exploited by malicious people to conduct phishing attacks.

Input passed to the "p" parameter in documentation/index.php is not properly verified before being linked into the frameset, which can be used to conduct spoofing or phishing attacks.

The vulnerability is confirmed in version 1.6.2. Other versions may also be affected.

http://secunia.com/advisories/35043/

Vulnerabilities in Nortel and SonicWall products
by Marianna Schmudlach / May 27, 2009 11:59 PM PDT

Security services provider SEC Consult has issued reports of vulnerabilities in Nortel and SonicWall products. Two vulnerabilities in Nortel Contact Center Manager Server allow unauthorised access to the server. According to the report, administrative rights can easily be obtained by setting a cookie with simple content. In addition, in response to certain queries the SOAP interface returns passwords in plain text. Nortel has released an update which fixes the problems.

Vulnerabilities in SonicWall's Global Security Client (GSC) and Global VPN Client (GVC) allow privilege escalation. In GSC, it merely requires an attacker to call a Windows command line (cmd.exe) via the Eventviewer; this then runs with SYSTEM privileges. In GVC, attackers can replace the binaries for the VPN service with programs of their choice.

More: http://www.h-online.com/security/Vulnerabilities-in-Nortel-and-SonicWall-products--/news/113391
