VULNERABILITIES \ FIXES - November 2, 2008

Nov 2, 2008 12:48AM PDT

LibSPF2 DNS TXT Record Parsing Bug

2 Nov. 2008

Summary
A relatively common bug parsing TXT records delivered over DNS, dating at least back to 2002 in Sendmail 8.2.0 and almost certainly much earlier, has been found in LibSPF2, a library frequently used to retrieve SPF (Sender Policy Framework) records and apply policy according to those records. This implementation flaw allows for relatively flexible memory corruption, and should thus be treated as a path to anonymous remote code execution. Of particular note is that the remote code execution would occur on servers specifically designed to receive E-Mail from the Internet, and that these systems may in fact be high volume mail exchangers. This creates privacy implications. It is also the case that a corrupted email server is a useful jumping off point for attackers to corrupt desktop machines, since attachments can be corrupted with malware while the containing message stays intact. So there are internal security implications as well, above and beyond corruption of the mail server on the DMZ.

Credit:
The information has been provided by Dan Kaminsky.


http://www.securiteam.com/unixfocus/6N0020KN6U.html

Adobe PageMaker Key Strings Stack Buffer Overflow Vulnerabil
Nov 2, 2008 12:50AM PDT

2 Nov. 2008

Summary
Adobe PageMaker is "document layout application, and is commonly used for desktop publishing". Remote exploitation of a stack buffer overflow vulnerability in Adobe Systems Inc.'s PageMaker could allow an attacker to execute arbitrary code with the privileges of the current user.

Credit:
The information has been provided by iDefense.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=749


http://www.securiteam.com/windowsntfocus/6N0030KN5K.html

IBM Tivoli Storage Manager Express for Microsoft SQL Heap Ov
Nov 2, 2008 12:51AM PDT

IBM Tivoli Storage Manager Express for Microsoft SQL Heap Overflow Vulnerability

2 Nov. 2008

Summary
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Express for Microsoft SQL. Authentication is not required to exploit this vulnerability.

Credit:
The information has been provided by The Zero Day Initiative (ZDI).
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-08-071

http://www.securiteam.com/windowsntfocus/6S0080KN5E.html

Adobe PageMaker PMD File Processing Buffer Overflows
Nov 2, 2008 12:52AM PDT

2 Nov. 2008

Summary
"Adobe PageMaker 7.0 software is the ideal page layout program for business, education, and small- and home-office professionals who want to create high-quality publications such as brochures and newsletters. Get started quickly with templates, graphics, and intuitive design tools; work productively across Adobe applications; and easily leverage existing content to create customized communications." Secunia Research has discovered two vulnerabilities in Adobe PageMaker, which can be exploited by malicious people to compromise a user's system.

Credit:
The information has been provided by Secunia Research.
The original article can be found at: http://secunia.com/secunia_research/2007-80/


http://www.securiteam.com/windowsntfocus/6L0000KN6I.html

Altiris Deployment Server Agent Privilege Escalation
Nov 2, 2008 12:53AM PDT

2 Nov. 2008

Summary
Altiris Deployment Server agent is installed as part of the Altiris packages to allow the Deployment Server to manage software for machines. It is usually installed to C:\Program Files\Altiris\AClient and the main running agent is called AClient.exe. By default the Altiris agent runs under the Local System account and is vulnerable to numerous Shatter Attack vulnerabilities leading to an attacker running code under the Local System privilege.

Credit:
The information has been provided by Brett Moore.
The original article can be found at: http://www.insomniasec.com/advisories/ISVA-081020.1.htm


http://www.securiteam.com/windowsntfocus/6O0030KN6O.html

GNU Enscript "setfilename" Special Escape Buffer Overflow
Nov 2, 2008 12:54AM PDT

2 Nov. 2008

Summary
"GNU Enscript is a free replacement for the Adobe's enscript program. Enscript converts ASCII files to PostScript and spools generated PostScript output to the specified printer or leaves it to file. Enscript can be easily extended to handle different output media and it has many options that can be used to customize printouts." Secunia Research has discovered a vulnerability in GNU Enscript, which can be exploited by malicious people to compromise a vulnerable system.

Credit:
The information has been provided by Secunia Research.
The original article can be found at: http://secunia.com/secunia_research/2008-41/


http://www.securiteam.com/unixfocus/6M0010KN6G.html

Reflective Dll Injection
Nov 2, 2008 12:56AM PDT

2 Nov. 2008

Summary
Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process. As such the library is responsible for loading itself by implementing a minimal Portable Executable (PE) loader.

Credit:
The information has been provided by Stephen Fewer.
The original article can be found at: http://www.harmonysecurity.com/files/HS-P005_ReflectiveDllInjection.pdf


http://www.securiteam.com/securityreviews/6P0050KN5U.html

Interact SQL Injection and Cross-Site Request Forgery
Nov 2, 2008 12:57AM PDT

2 Nov. 2008

Summary
"Interact is a platform for the delivery and support of online learning. It differs from many other elearning platforms in that its aim is to concentrate on the social/interactive aspects of teaching and learning rather than the delivery of content to students." Secunia Research has discovered two vulnerabilities in Interact, which can be exploited by malicious people to conduct cross-site request forgery and SQL injection attacks.

Credit:
The information has been provided by Secunia Research.
The original article can be found at: http://secunia.com/secunia_research/2008-44/


http://www.securiteam.com/securitynews/6L0010KN5W.html

OpenOffice EMF Record Parsing Multiple Integer Overflow Vuln
Nov 2, 2008 12:58AM PDT

2 Nov. 2008

Summary
OpenOffice is "an open-source office application that supports reading and writing a wide variety of file formats". Remote exploitation of multiple integer overflow vulnerabilities in OpenOffice versions 2.4.1 and earlier could allow an attacker to execute arbitrary code with the privileges of the current user.

Credit:
The information has been provided by iDefense.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=750


http://www.securiteam.com/securitynews/6M0020KN5S.html

SonicWALL Content-Filtering Universal Script Injection Vulne
Nov 2, 2008 12:59AM PDT

2 Nov. 2008

Summary
A vulnerability allows remote attackers to execute a script injection attack on arbitrary sites through vulnerable installations of SonicWALL. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page or open a malicious web link.

Credit:
The information has been provided by The Zero Day Initiative (ZDI).
The original article can be found at: SonicWALL Pro 2040



http://www.securiteam.com/securitynews/6O0040KN5C.html

Oracle WebLogic Apache Connector
Nov 2, 2008 1:00AM PDT

2 Nov. 2008

Summary
The WebLogic Apache Connector is "module for the Apache httpd server. It is used to proxy requests from Apache to a backend WebLogic server". Remote exploitation of a stack based buffer overflow vulnerability in Oracle Corp.'s WebLogic Server Apache Connector could allow an attacker to execute arbitrary code with the privileges of the affected service.

Credit:
The information has been provided by iDefense.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=751


http://www.securiteam.com/securitynews/6R0070KN5W.html

Novell eDirectory NCP Get Extension Information Request Memo
Nov 2, 2008 1:01AM PDT

2 Nov. 2008

Summary
Novell eDirectory is "cross platform directory server. NetWare Core Protocol, commonly referred to as NCP, is used by eDirectory to synchronize data between servers in the directory tree. NCP supports various request types, one of which is the 'Get NCP Extension Information By Name Request'." Remote exploitation of a memory corruption vulnerability in Novell Inc.'s eDirectory could allow an attacker to execute arbitrary code with the privileges of the affected service.

Credit:
The information has been provided by iDefense.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=748


http://www.securiteam.com/securitynews/6T0090KN5M.html

VLC Media Player TiVo ty Processing Stack Overflow Vulnerabi
Nov 2, 2008 1:02AM PDT