VULNERABILITIES \ FIXES - November 10, 2008

Nov 10, 2008 12:21AM PST

MoinMoin Full Path Disclosure Weakness

Release Date: 2008-11-10

Critical: Not critical
Impact: Exposure of system information

Where: From remote
Solution Status: Unpatched


Software: MoinMoin 1.x

Description:
Xia Shing Zee has discovered a weakness in MoinMoin, which can be exploited by malicious people to disclose system information.

The weakness is caused due to the application displaying the full installation path in an error report, when an HTTP request for an overly long URL is received.

The weakness is confirmed in version 1.8.0 (standalone server mode). Other versions may also be affected.

Solution:
Filter HTTP requests for overly long URLs in a proxy.

Provided and/or discovered by:
Xia Shing Zee

Hackers exploit PDF security flaws
Nov 10, 2008 1:50AM PST

10 November 2008

Attackers have been using the recently announced vulnerability in Adobe Reader 8 to attack Windows users, warn security experts from ISC (Internet Storm Center). The attackers are exploiting the util.printf JavaScript function to trigger a buffer overload. A PDF containing the malicious code was recognised by over 30 virus scanners at VirusTotal, although it would take only a simple obfuscation of the code to outsmart antivirus engines.

More: http://www.heise-online.co.uk/security/Hackers-exploit-PDF-security-flaws--/news/111920

VMware Releases Security Advisory VMSA-2008-0018 and Updates
Nov 10, 2008 1:52AM PST

added November 10, 2008 at 09:03 am

VMware has released Security Advisory VMSA-2008-0018 and has updated Security Advisory VMSA-2008-0016.1 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to conduct directory traversal attacks, operate with escalated privileges, or obtain sensitive information.

US-CERT encourages users and administrators to review VMware Security Advisories VMSA-2008-0018 and VMSA-2008-0016.1 and apply any necessary updates to help mitigate the risks.


http://www.us-cert.gov/current/current_activity.html#vmware_releases_security_advisory_vmsa2

NetMRG "rrdedit" Insecure Temporary Files
Nov 10, 2008 2:15AM PST

Release Date: 2008-11-07

Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Unpatched

Software: NetMRG 0.x

Description:
A security issue has been reported in NetMRG, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The security issue is caused due to the "rrdedit" script using temporary files in an insecure manner. This can be exploited to e.g. overwrite arbitrary files via symlink attacks.

The security issue is reported in version 0.20. Other versions may also be affected.

Solution:
Restrict local access to trusted users only.

Provided and/or discovered by:
Reported by Dmitry E. Oboukhov in a Debian bug report.

Original Advisory:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496384

lmbench Insecure Temporary Files
Nov 10, 2008 2:16AM PST

Release Date: 2008-11-07

Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Unpatched

Software: lmbench 2.x

Description:
Some security issues have been reported in lmbench, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The security issues are caused due to the "scripts/****" and "scripts/rccs" scripts using temporary files in an insecure manner. This can be exploited to overwrite arbitrary files via symlink attacks.

NOTE: Similar security issues in src/rhttp.c, src/lat_fcntl.c, src/lat_fifo.c, src/lat_proc.c, and src/lmhttp.c have also been reported.

The security issues affect version 2.5. Other versions may also be affected.

Solution:
Restrict local access to trusted users only.

Provided and/or discovered by:
Reported by Dmitry E. Oboukhov and Thijs Kinkhorst in a Debian bug report for development version 3.0-a7.

Original Advisory:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496427

Pre Simple CMS "user" SQL Injection Vulnerability
Nov 10, 2008 2:19AM PST

Release Date: 2008-11-07

Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched

Software: Pre Simple CMS

Description:
Hussin X has reported a vulnerability in Pre Simple CMS, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "user" parameter in siteadmin/loginsucess.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Hussin X

Original Advisory:
http://milw0rm.com/exploits/7004

PHP Classifieds "admin_username" SQL Injection Vulnerability
Nov 10, 2008 2:20AM PST

Release Date: 2008-11-07

Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched

Software: PHP Classifieds 7.x

Description:
ZoRLu has reported a vulnerability in PHP Classifieds, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "admin_username" parameter in login.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
ZoRLu

Original Advisory:
http://milw0rm.com/exploits/7023

Silva "fulltext" Cross-Site Scripting Vulnerability
Nov 10, 2008 2:23AM PST

Release Date: 2008-11-07

Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch

Software: Silva 1.x, Silva 2.x


Description:
Russ McRee has reported a vulnerability in Silva, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "fulltext" parameter to the Silva Find component when performing a search is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in Silva Find version 1.1.5 and prior included in Silva prior to 2.1.0.2, 2.0.12.2, and 1.6.3.2.

Solution:
Update to version 2.1.0.2, 2.0.12.2, or 1.6.3.2.

Provided and/or discovered by:
Russ McRee, HolisticInfoSec

Original Advisory:
http://holisticinfosec.org/content/view/91/45/

Scilab Insecure Temporary Files
Nov 10, 2008 4:34AM PST

Release Date: 2008-11-10

Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Unpatched

Software: Scilab 4.x

Description:
Some security issues have been reported in Scilab, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The security issues are caused due to the "bin/scilink", "util/scidoc", and "util/scidem" scripts using temporary files in an insecure manner. This can be exploited to e.g. overwrite arbitrary files via symlink attacks.

The security issues are reported in version 4.1.2. Other versions may also be affected.

Solution:
Upgrade to version 5.0 or later.

Provided and/or discovered by:
Reported by Dmitry E. Oboukhov in a Debian bug report.

Original Advisory:
Debian:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496414

Scilab:
http://bugzilla.scilab.org/show_bug.cgi?id=3409

Apple breathing iLife into 10.4
Nov 10, 2008 7:43AM PST

Published: 2008-11-10
Last Updated: 2008-11-10 22:07:03 UTC
by Stephen Hall (Version: 1)

Apple have released iLife support version 8.3.1, which addresses three security issues with the ImageIO component.

This addresses issues in Mac OS X releases 10.4.9 through 10.4.11 and can be found on the Apple support site.

The following CVEs are covered:

More: http://isc.sans.org/