VULNERABILITIES \ FIXES - November 20, 2007

by Marianna Schmudlach / November 20, 2007 1:12 AM PST

SUSE update for apache2



Secunia Advisory: SA27732
Release Date: 2007-11-20


Critical:
Less critical
Impact: Cross Site Scripting
DoS

Where: From remote

Solution Status: Vendor Patch


OS: openSUSE 10.2
openSUSE 10.3
SUSE Linux 10
SUSE Linux 10.1
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Server 9


Description:
SUSE has issued an update for apache2. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), and by malicious people to conduct cross-site scripting attacks or to cause a DoS.

For more information:
SA26273
SA26636

Solution:
Apply updated packages.

Original Advisory:
http://lists.opensuse.org/opensuse-security-announce/2007-11/msg00002.html

Other References:
SA26273:
http://secunia.com/advisories/26273/

SA26636:
http://secunia.com/advisories/26636/

Rigs Of Rods Denial of Service Vulnerability
by Marianna Schmudlach / November 20, 2007 1:14 AM PST

Secunia Advisory: SA27729
Release Date: 2007-11-20


Critical:
Moderately critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


Software: Rigs of Rods 0.x

Description:
Luigi Auriemma has reported a vulnerability in Rigs of Rods, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a boundary error within the handling of "MSG2_USE_VEHICLE" messages. This can be exploited to overflow a static buffer with 255 bytes by sending a "MSG2_USE_VEHICLE" message containing an overly long vehicle name.

The vulnerability is reported in version 0.33d. Prior versions may also be affected.

Solution:
Update to version 0.33d SP1.
http://forum.rigsofrods.com/index.php?topic=3140.0

Provided and/or discovered by:
Luigi Auriemma

Original Advisory:
Luigi Auriemma:
http://aluigi.altervista.org/adv/rorbof-adv.txt

Rigs of Rods:
http://forum.rigsofrods.com/index.php?topic=3140.0

Mandriva update for cups
by Marianna Schmudlach / November 20, 2007 1:15 AM PST

Secunia Advisory: SA27724
Release Date: 2007-11-20


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Mandriva Linux 2007

Description:
Mandriva has issued an update for cups. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.

For more information:
SA18332

Solution:
Apply updated packages.

Original Advisory:
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:228

Other References:
SA18332:
http://secunia.com/advisories/18332/

OmniPCX Enterprise Communications Server IP Touch Phone Audi
by Marianna Schmudlach / November 20, 2007 1:16 AM PST

OmniPCX Enterprise Communications Server IP Touch Phone Audio Unavailability Weakness

Secunia Advisory: SA27710
Release Date: 2007-11-20


Critical:
Not critical
Impact: DoS

Where: From local network

Solution Status: Vendor Patch


Software: OmniPCX Enterprise 6.x
OmniPCX Enterprise 7.x

Description:
A weakness has been reported in OmniPCX Enterprise Communications Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

The weakness is caused due to an input validation error when handling initial download configuration requests. This can be exploited to cause a target IP Touch phone to not receive audio feedback via a specially-crafted TFTP request containing the target phone's MAC address as part of the filename.

The weakness affects the following versions:
* OmniPCX Enterprise R7.1
* OmniPCX Enterprise R7.0
* OmniPCX Enterprise R6.2
* OmniPCX Enterprise R6.1
* OmniPCX Enterprise R6.0

Solution:
Apply patches or upgrade/update to a fixed version.

OmniPCX Enterprise R7.1:
Install patch F5.401.21.e.

OmniPCX Enterprise R7.0:
Upgrade to release R7.1.

OmniPCX Enterprise R6.2:
Install patch F3.301.38.a.

OmniPCX Enterprise R6.1:
Install patch F2.502.33.

OmniPCX Enterprise R6.0 and earlier (phased out):
Upgrade to release R7.1.

Provided and/or discovered by:
Daniel Stirnimann, Compass Security

Original Advisory:
Alcatel-Lucent (2007004):
http://www1.alcatel-lucent.com/psirt/statements/2007004/IPTouchDOS.htm

Click&BaneX Two SQL Injection Vulnerabilities
by Marianna Schmudlach / November 20, 2007 1:18 AM PST

Secunia Advisory: SA27700
Release Date: 2007-11-20


Critical:
Moderately critical
Impact: Security Bypass
Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: Click&BaneX

Description:
Aria-Security Team have reported two vulnerabilities in Click&BaneX, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "userid" and "PassWord" parameters in main_loginCheck.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. logging in without valid user credentials.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Aria-Security Team

Mandriva update for net-snmp
by Marianna Schmudlach / November 20, 2007 1:19 AM PST

Secunia Advisory: SA27685
Release Date: 2007-11-20


Critical:
Less critical
Impact: DoS

Where: From local network

Solution Status: Vendor Patch


OS: Mandriva Linux 2007

Description:
Mandriva has issued an update for net-snmp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

For more information:
SA27558

Solution:
Apply updated packages.

Original Advisory:
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:225

Other References:
SA27558:
http://secunia.com/advisories/27558/

rPath update for php5
by Marianna Schmudlach / November 20, 2007 1:20 AM PST

Secunia Advisory: SA27659
Release Date: 2007-11-20


Critical:
Moderately critical
Impact: Unknown
Security Bypass

Where: From remote

Solution Status: Vendor Patch


OS: rPath Linux 1.x


Description:
rPath has issued an update for php5. This fixes some vulnerabilities and weaknesses, where some have unknown impacts and others can be exploited to bypass certain security restrictions.

This is related to:
SA27648

Solution:
Update to:
"php5=conary.rpath.com@rpl:1/5.2.5-1-1"
"php5-cgi=conary.rpath.com@rpl:1/5.2.5-1-1"
"php5-mysql=conary.rpath.com@rpl:1/5.2.5-1-1"
"php5-pear=conary.rpath.com@rpl:1/5.2.5-1-1"
"php5-pgsql=conary.rpath.com@rpl:1/5.2.5-1-1"
"php5-soap=conary.rpath.com@rpl:1/5.2.5-1-1"
"php5-xsl=conary.rpath.com@rpl:1/5.2.5-1-1"

Original Advisory:
http://lists.rpath.com/pipermail/security-announce/2007-November/000277.html

Other References:
SA27648:
http://secunia.com/advisories/27648/

ISP Manager "responder" Privilege Escalation Vulnerability
by Marianna Schmudlach / November 20, 2007 1:21 AM PST

Secunia Advisory: SA27585
Release Date: 2007-11-20


Critical:
Less critical
Impact: Privilege escalation

Where: Local system

Solution Status: Unpatched


Software: ISP Manager 4.x

Description:
Andrew Christensen has reported a vulnerability in ISP Manager, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to an input validation error within the setuid-binary usr/local/ispmgr/sbin/responder when handling arguments and can be exploited to execute arbitrary commands with root privileges.

The vulnerability is reported in version 4.2.15.1. Other versions may also be affected.

Solution:
Grant only trusted users access to the affected system.

Provided and/or discovered by:
Andrew Christensen, FortConsult

Original Advisory:
http://www.fortconsult.net/images/pdf/advisories/ispmgr_nov2007.pdf

Gentoo update for perl
by Marianna Schmudlach / November 20, 2007 1:23 AM PST

Secunia Advisory: SA27570
Release Date: 2007-11-20


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for perl. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA27546

Solution:
Update to "dev-lang/perl-5.8.8-r4" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200711-28.xml

Other References:
SA27546:
http://secunia.com/advisories/27546/

Mozilla Foundation to close XSS hole in Firefox
by Marianna Schmudlach / November 20, 2007 3:36 AM PST

The recently identified vulnerability in Firefox's implementation of the 'jar' protocol appears to offer greater potential for misuse than previously assumed. The hole can be exploited to obtain logon credentials by tricking specific defence mechanisms or filters that protect against cross-site scripting and active content on websites such as MySpace. It had previously been claimed that this would be possible only if zip or other archives containing specially doctored content were stored on web servers visited by victims.

More: http://www.heise-security.co.uk/news/99301

Credit card security codes offer little protection
by Marianna Schmudlach / November 20, 2007 3:38 AM PST

The three-digit security code (Credit Card Validation Number, CVN) on credit cards clearly offers insufficient protection from abuse, according to a report on German television channel ZDF's WISO business magazine program yesterday (Monday). The security code is intended to ensure that the card can only be used by its owner. According to the report, however, possession of a credit card's card number and expiry date is all a fraudster needs to be able to make purchases online. In tests, security services provider Syss found that at 80 percent of online shops it was in fact possible to simply try out every possible security number online, using, for example, an automated brute force attack.

More: http://www.heise-security.co.uk/news/99293

Vulnerability in WordPress cookie authentication
by Marianna Schmudlach / November 20, 2007 3:40 AM PST

A design flaw in the WordPress blog software authentication process makes it easier than previously believed for attackers to compromise a system. Most content management systems and blogs save user passwords as hashes in the underlying database. So even if attackers were to get access to the hashes stored in the database, for instance by means of an SQL injection hole, they have not been able to do much with them up to now. Specifically, if they want to recover the passwords, they would have to compare a hash with entries in a "rainbow table" -- a process that can take some time and may not work at all for long passwords, for which there simply are no tables.

More: http://www.heise-security.co.uk/news/99280

Citrix remedies a vulnerability in several products
by Marianna Schmudlach / November 20, 2007 3:42 AM PST

Citrix has released a number of updates intended to make attacking Citrix servers more difficult. According to a security advisory it may be possible to execute application-related commands on a server using prepared ICA files with the attacked user's rights. To do this, however, the user has to open this type of file or load it with the ICA browser plug-in. In the latter case, all that is required is a visit to a website. In order to launch a successful attack, the victim has to have the right to execute so-called "published applications". Also, the Citrix server has to be configured to forward additional parameters to the application.

More: http://www.heise-security.co.uk/news/99264

Apple Mail in Leopard with the same old error
by Marianna Schmudlach / November 20, 2007 3:43 AM PST

Report of 20.11.2007 10:00

In March 2006 Apple defused a security problem in Apple Mail that made it possible to inject disguised malignant code. In Leopard, the patch was apparently forgotten. This means that you can inadvertently start an executable by double-clicking a mail attachment that looks like a JPEG image file.

Files on a Mac can contain additional information, such as the one that another program should be used to open them. The operating system stores these in the file system in a so-called "resource fork", which is linked to the file. This type of information is usually limited to the local system; however, for emails the MIME format AppleDouble allows resource forks to be attached -- these are automatically analyzed by Apple Mail.

More: http://www.heise-security.co.uk/news/99257

Sun Solaris Mozilla 1.7 Multiple Vulnerabilities
by Marianna Schmudlach / November 20, 2007 10:57 AM PST

TITLE:
Sun Solaris Mozilla 1.7 Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA27603

VERIFY ADVISORY:
http://secunia.com/advisories/27603/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Sun Solaris 10
http://secunia.com/product/4813/
Sun Solaris 9
http://secunia.com/product/95/
Sun Solaris 8
http://secunia.com/product/94/

DESCRIPTION:
Sun has acknowledged multiple vulnerabilities in Mozilla 1.7 for Sun
Solaris, which can be exploited by malicious people to compromise a
user's system.

For more information:
SA22722

The vulnerabilities are reported in Sun Solaris 8, 9, and 10 for both
the x86 and SPARC platforms.

SOLUTION:
The vendor recommends disabling JavaScript support.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103139-1

OTHER REFERENCES:
SA22722:
http://secunia.com/advisories/22722/

Miranda IM "ext_yahoo_contact_added()" Format String Vulnera
by Marianna Schmudlach / November 20, 2007 11:01 AM PST

TITLE:
Miranda IM "ext_yahoo_contact_added()" Format String Vulnerability

SECUNIA ADVISORY ID:
SA27402

VERIFY ADVISORY:
http://secunia.com/advisories/27402/

CRITICAL:
Less critical

IMPACT:
System access

WHERE:
From remote

REVISION:
2.0 originally posted 2007-11-09

SOFTWARE:
Miranda IM 0.x
http://secunia.com/product/7418/

DESCRIPTION:
Secunia Research has discovered a vulnerability in Miranda IM, which
can be exploited by malicious people to compromise a vulnerable
system.

The vulnerability is caused due to a format string error within
"ext_yahoo_contact_added()" in yahoo.c and can be exploited via a "Y7
Buddy Authorization" packet containing format string specifiers.

Successful exploitation allows execution of arbitrary code but
requires that the user e.g. is tricked into connecting to a malicious
server.

The vulnerability is confirmed in version 0.7.1.

SOLUTION:
Update to version 0.7.2.
http://sourceforge.net/project/showfiles.php?group_id=94142

PROVIDED AND/OR DISCOVERED BY:
Secunia Research

CHANGELOG:
2007-11-12: Updated "Solution" section. Added link to vendor.

ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2007-89/

Miranda IM:
http://www.miranda-im.org/2007/11/11/miranda-im-v072-released/
