Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - November 3, 2008

by Marianna Schmudlach / November 2, 2008 11:43 PM PST

Net-snmp GETBULK Integer Overflow Denial of Service


Release Date: 2008-11-03

Critical:
Less critical
Impact: DoS

Where: From local network
Solution Status: Vendor Patch


Software: Net-snmp 5.x

Description:
A vulnerability has been reported in Net-snmp, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an integer overflow error within the "netsnmp_create_subtree_cache()" function in agent/snmp_agent.c. This can be exploited to cause a crash via a specially crafted SNMP GETBULK request.

The vulnerability is reported in 5.2.x versions prior to 5.2.5.1, 5.3.x versions prior to 5.3.2.3, and 5.4.x versions prior to 5.4.2.1.

Solution:
Update to version 5.2.5.1, 5.3.2.3, or 5.4.2.1.

Provided and/or discovered by:
Oscar Mira-Sanchez, reported via ZDI.

Original Advisory:
http://sourceforge.net/forum/forum.php?forum_id=882903
http://sourceforge.net/tracker/index....39&group_id=12694&atid=112694

GeSHi Unspecified Code Execution Vulnerability
by Marianna Schmudlach / November 2, 2008 11:44 PM PST

Release Date: 2008-11-03

Critical:
Moderately critical
Impact: System access

Where: From remote
Solution Status: Vendor Patch


Software: GeSHi 1.x

Description:
A vulnerability has been reported in GeSHi, which can potentially be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an unspecified error, which may allow execution of arbitrary code on an affected system.

The vulnerability is reported in versions prior to 1.0.8.1.

Solution:
Update to version 1.0.8.1.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sourceforge.net/project/shownotes.php?release_id=637321

SFS Multiple Products "cat_id" SQL Injection
by Marianna Schmudlach / November 2, 2008 11:46 PM PST

Release Date: 2008-11-03

Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: SFS EZ Adult Directory
SFS EZ Affiliate
SFS EZ Gaming Directory
SFS EZ Home Business Directory
SFS EZ Hosting Directory
SFS EZ Links Directory

Description:
A vulnerability has been reported in multiple SFS products, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "cat_id" parameter in directory.php (when "ax" is set to "list") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

This vulnerability is reported in the following SFS products:
- SFS EZ Links Directory
- SFS EZ Adult Directory
- SFS EZ Hosting Directory
- SFS EZ Home Business Directory
- SFS EZ Gaming Directory
- SFS EZ Affiliate

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
BeyazKurt and Darckc0de

Original Advisory:
http://milw0rm.com/exploits/6911
http://milw0rm.com/exploits/6908
http://milw0rm.com/exploits/6907
http://milw0rm.com/exploits/6906
http://milw0rm.com/exploits/6905
http://milw0rm.com/exploits/6895

SFS EZ BIZ PRO "id" SQL Injection Vulnerability
by Marianna Schmudlach / November 2, 2008 11:47 PM PST

Release Date: 2008-11-03

Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: SFS EZ BIZ PRO

Description:
d3b4g has reported a vulnerability in SFS EZ BIZ PRO, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in directory.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
d3b4g

Original Advisory:
http://milw0rm.com/exploits/6910

SFS EZ Webring "cat" SQL Injection Vulnerability
by Marianna Schmudlach / November 2, 2008 11:48 PM PST

Release Date: 2008-11-03

Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: SFS EZ Webring

Description:
d3b4g has reported a vulnerability in SFS EZ Webring, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "cat" parameter in category.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
d3b4g

Original Advisory:
http://milw0rm.com/exploits/6913

Tribiq CMS "template_path" Cross-Site Scripting and Local Fi
by Marianna Schmudlach / November 2, 2008 11:49 PM PST

Release Date: 2008-11-03

Critical:
Moderately critical
Impact: Cross Site Scripting
Exposure of system information
Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: Tribiq CMS 5.x

Description:
Some vulnerabilities have been discovered in Tribiq CMS, which can be exploited by malicious people to conduct cross-site scripting attacks or to disclose sensitive information.

Solution:
Edit the source code to ensure that input is properly verified and sanitised.

Provided and/or discovered by:
1) GoLd_M
2) an anonymous researcher

Original Advisory:
http://milw0rm.com/exploits/6888

Logz CMS "art" SQL Injection and Cross-Site Scripting
by Marianna Schmudlach / November 2, 2008 11:50 PM PST

Release Date: 2008-11-03

Critical:
Moderately critical
Impact: Cross Site Scripting
Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Logz CMS 1.x

Description:
Some vulnerabilities have been discovered in Logz CMS, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
1) ZoRLu
2) an anonymous researcher

Original Advisory:
http://milw0rm.com/exploits/6896

SFS EZ Hotscripts-like Site Multiple SQL Injection Vulnerabi
by Marianna Schmudlach / November 2, 2008 11:51 PM PST

Release Date: 2008-11-03

Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: SFS EZ Hotscripts-like Site

Description:
Some vulnerabilities have been reported in SFS EZ Hotscripts-like Site, which can be exploited by malicious people to conduct SQL injection attacks.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
1) TR-ShaRk
2) x0r

Original Advisory:
1) http://milw0rm.com/exploits/6903
2) http://milw0rm.com/exploits/6915

SFS EZ Hot ot Not "phid" SQL Injection Vulnerability
by Marianna Schmudlach / November 2, 2008 11:52 PM PST

Release Date: 2008-11-03

Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: SFS EZ Hot ot Not

Description:
d3b4g has reported a vulnerability in SFS EZ Hot ot Not, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "phid" parameter in viewcomments.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
d3b4g

Original Advisory:
http://milw0rm.com/exploits/6914

SFS EZ Auction "cat" SQL Injection Vulnerability
by Marianna Schmudlach / November 2, 2008 11:53 PM PST

Release Date: 2008-11-03

Critical:
Moderately critical
Impact: Exposure of sensitive information
Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: SFS EZ Auction

Description:
Mountassif Moad has reported a vulnerability in SFS EZ Auction, which can be exploited by malicious people to conduct SQL Injection attacks.

Input passed to the "cat" parameter in viewfaqs.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure input is properly sanitised.

Provided and/or discovered by:
Mountassif Moad

Original Advisory:
http://milw0rm.com/exploits/6918

SFS EZ Career "topic" SQL Injection Vulnerability
by Marianna Schmudlach / November 2, 2008 11:54 PM PST

Release Date: 2008-11-03

Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: SFS EZ Career

Description:
Mountassif Moad has reported a vulnerability in SFS EZ Career, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "topic" parameter in content.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Mountassif Moad

Original Advisory:
http://milw0rm.com/exploits/6919

SFS EZ Top Sites "ts" SQL Injection Vulnerability
by Marianna Schmudlach / November 2, 2008 11:55 PM PST

Release Date: 2008-11-03

Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: SFS EZ Top Sites

Description:
Mountassif Moad has reported a vulnerability in SFS EZ Top Sites, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "ts" parameter in topsite.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Mountassif Moad

Original Advisory:
http://milw0rm.com/exploits/6920

SFS EZ e-store "where" SQL Injection Vulnerability
by Marianna Schmudlach / November 2, 2008 11:56 PM PST

Release Date: 2008-11-03

Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: SFS EZ e-store

Description:
ZoRLu has reported a vulnerability in SFS EZ e-store, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "where" parameter in SearchResults.php (when "ord1" is set to a valid field name) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
ZoRLu

Original Advisory:
http://milw0rm.com/exploits/6922

SFS EZ Pub Site "cat" SQL Injection Vulnerability
by Marianna Schmudlach / November 2, 2008 11:57 PM PST

Release Date: 2008-11-03

Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: SFS EZ Pub Site

Description:
Hakxer has reported a vulnerability in SFS EZ Pub Site, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "cat" parameter in directory.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Hakxer

Original Advisory:
http://milw0rm.com/exploits/6923

SFS EZ Gaming Cheats "id" SQL Injection Vulnerability
by Marianna Schmudlach / November 2, 2008 11:58 PM PST

Release Date: 2008-11-03

Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: SFS EZ Gaming Cheats

Description:
ZoRLu has reported a vulnerability in SFS EZ Gaming Cheats, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in view_reviews.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
ZoRLu

Original Advisory:
http://milw0rm.com/exploits/6924

Joomla Flash Tree Gallery Component "mosConfig_live_site" Fi
by Marianna Schmudlach / November 2, 2008 11:59 PM PST

Release Date: 2008-11-03

Critical:
Highly critical
Impact: System access

Where: From remote
Solution Status: Unpatched


Software: Flash Tree Gallery 1.x (component for Joomla!)

Description:
NoGe has reported a vulnerability in the Flash Tree Gallery component for Joomla!, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "mosConfig_live_site" parameter in administrator/components/com_treeg/admin.treeg.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability is reported in version 1.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
NoGe

Original Advisory:
http://milw0rm.com/exploits/6928

Article Publisher Pro SQL Injection Vulnerabilities
by Marianna Schmudlach / November 3, 2008 12:00 AM PST

Release Date: 2008-11-03

Critical:
Moderately critical
Impact: Security Bypass
Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Article Publisher Pro 1.x

Description:
Some vulnerabilities have been reported in Article Publisher Pro, which can be exploited by malicious people to conduct SQL injection attacks.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
1) Mountassif Moad
2) Hakxer

Original Advisory:
1) http://milw0rm.com/exploits/6917
2) http://milw0rm.com/exploits/6912

Dns2tcp "dns_decode()" Buffer Overflow Vulnerability
by Marianna Schmudlach / November 3, 2008 12:01 AM PST

Release Date: 2008-11-03

Critical:
Highly critical
Impact: DoS
System access

Where: From remote
Solution Status: Vendor Patch


Software: Dns2tcp 0.x

Description:
A vulnerability has been reported in Dns2tcp, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the "dns_decode()" function in server/dns_decode.c. This can be exploited to cause a buffer overflow via specially crafted encoded DNS data.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions prior to 0.4.2.

Solution:
Update to version 0.4.2.

Provided and/or discovered by:
The vendor credits John Lampe.

RateMe Cross-Site Scripting and Cross-Site Request Forge
by Marianna Schmudlach / November 3, 2008 12:02 AM PST

Release Date: 2008-11-03

Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Unpatched


Software: RateMe 1.x



Description:
Russ McRee has reported some vulnerabilities in RateMe, which can be exploited by malicious people to conduct cross-site request forgery and cross-site scripting attacks.

Solution:
Edit the source code to ensure that input is properly sanitised. Do not browse untrusted sites while being logged-in to the application.

Provided and/or discovered by:
Russ McRee, HolisticInfoSec

Original Advisory:
http://holisticinfosec.org/content/view/85/45/

SignMe "hash" Cross-Site Scripting Vulnerability
by Marianna Schmudlach / November 3, 2008 12:03 AM PST

Release Date: 2008-11-03

Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Unpatched


Software: SignMe 1.x

Description:
Russ McRee has discovered a vulnerability in SignMe, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "hash" parameter to signme.inc.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in 1.5 and confirmed in 1.55. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Russ McRee, HolisticInfoSec

Original Advisory:
http://holisticinfosec.org/content/view/88/45/

MyGallery "mghash" Cross-Site Scripting Vulnerability
by Marianna Schmudlach / November 3, 2008 12:05 AM PST

Release Date: 2008-11-03

Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Unpatched


Software: MyGallery 1.x

Description:
Russ McRee has discovered a vulnerability in MyGallery, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "mghash" parameter in gallery.inc.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in version 1.7.2 and confirmed in version 1.8.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Russ McRee, HolisticInfoSec

Original Advisory:
http://holisticinfosec.org/content/view/86/45/

YourFreeWorld Products "id" SQL Injection Vulnerability
by Marianna Schmudlach / November 3, 2008 12:06 AM PST

Release Date: 2008-11-03

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: YourFreeWorld Autoresponder Hosting Script
YourFreeWorld Blog Blaster Script
YourFreeWorld Reminder Service Script

Description:
Hussin X has reported a vulnerability in various YourFreeWorld products, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in tr.php is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in the following products:
* Reminder Service Script
* Blog Blaster Script
* Autoresponder Hosting Script

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Hussin X

Original Advisory:
http://milw0rm.com/exploits/6938
http://milw0rm.com/exploits/6943
http://milw0rm.com/exploits/6944

YourFreeWorld Shopping Cart Script "c" SQL Injection Vulnera
by Marianna Schmudlach / November 3, 2008 12:07 AM PST

Release Date: 2008-11-03

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: YourFreeWorld Shopping Cart Script with Affiliate Program



Description:
Hussin X has reported a vulnerability in YourFreeWorld Shopping Cart Script with Affiliate Program, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "c" parameter in index.php is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Hussin X

Original Advisory:
http://milw0rm.com/exploits/6952

Joovili Multiple Cookie Security Bypass Vulnerability
by Marianna Schmudlach / November 3, 2008 12:08 AM PST

Release Date: 2008-11-03

Critical:
Moderately critical
Impact: Security Bypass

Where: From remote
Solution Status: Unpatched


Software: Joovili 3.x

Description:
ZoRLu has reported a vulnerability in Joovili, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to the application allowing access to the admin interface by checking if certain cookies exist. This can be exploited to gain administrative access to the application by creating the cookies "session_admin_id" with the value "1", "session_admin_username" with the value "admin", and "session_admin" with the value "true".

This vulnerability is reported in version 3.1.4. Other versions may also be affected.

Solution:
Ensure that proper access restrictions are implemented.

Provided and/or discovered by:
ZoRLu

Original Advisory:
http://milw0rm.com/exploits/6955
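
The access-control flaw described in the Joovili advisory above, shown beside a server-side alternative. This is an added example, not part of the original post and not Joovili's code: the `isAdminByCookie` function, the `SessionStore` class, the `sid` cookie name and the demo password are hypothetical, and the store stands in for what `$_SESSION` would hold in a real PHP application.

```php
<?php
declare(strict_types=1);

// "Before": the pattern the advisory describes. Admin access is granted
// because certain cookies exist, and cookies are entirely client-supplied.
function isAdminByCookie(array $cookies): bool
{
    return isset(
        $cookies['session_admin_id'],
        $cookies['session_admin_username'],
        $cookies['session_admin']
    );
}

// "After" (hypothetical design): the client only holds a random identifier.
// The privilege flag lives on the server and is set only after a password check.
final class SessionStore
{
    /** @var array<string, array{user: string, is_admin: bool, expires: int}> */
    private array $sessions = [];

    /** Returns a new session id on success, null on bad credentials. */
    public function login(string $user, string $password, array $adminHashes): ?string
    {
        if (!isset($adminHashes[$user]) || !password_verify($password, $adminHashes[$user])) {
            return null;
        }
        $sid = bin2hex(random_bytes(32)); // unguessable, carries no meaning by itself
        $this->sessions[$sid] = [
            'user'     => $user,
            'is_admin' => true,
            'expires'  => time() + 900,   // short lifetime for an admin session
        ];
        return $sid;
    }

    /** Authorisation decision based only on server-side state. */
    public function isAdmin(array $cookies): bool
    {
        $sid = $cookies['sid'] ?? '';
        if (!is_string($sid) || !isset($this->sessions[$sid])) {
            return false;
        }
        $state = $this->sessions[$sid];
        return $state['is_admin'] === true && $state['expires'] > time();
    }
}

// --- Demo with constructed data ---------------------------------------
$adminHashes = ['admin' => password_hash('constructed-demo-password', PASSWORD_DEFAULT)];

// Cookie names and values as listed in the advisory text.
$clientMade = [
    'session_admin_id'       => '1',
    'session_admin_username' => 'admin',
    'session_admin'          => 'true',
];

$store = new SessionStore();
echo 'cookie-existence check, client-made cookies: ';
var_dump(isAdminByCookie($clientMade));

echo 'server-side check, same cookies: ';
var_dump($store->isAdmin($clientMade));

$sid = $store->login('admin', 'constructed-demo-password', $adminHashes);
echo 'server-side check, after a real login: ';
var_dump($store->isAdmin(['sid' => $sid]));
```

In a deployed application the same decision would read `$_SESSION` after `session_start()`, with `session_regenerate_id(true)` called at login and the session cookie marked `HttpOnly` and `Secure`.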

NetRisk Cross-Site Scripting and SQL Injection Vulnerabiliti
by Marianna Schmudlach / November 3, 2008 12:09 AM PST

Release Date: 2008-11-03

Critical:
Moderately critical
Impact: Cross Site Scripting
Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: NetRisk 2.x

Description:
StAkeR has discovered some vulnerabilities in NetRisk, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

The vulnerabilities are confirmed in version 2.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
StAkeR

Original Advisory:
http://milw0rm.com/exploits/6957

Chipmunk CMS "reguser.php" Security Bypass Vulnerability
by Marianna Schmudlach / November 3, 2008 12:10 AM PST

Release Date: 2008-11-03

Critical:
Moderately critical
Impact: Security Bypass

Where: From remote
Solution Status: Unpatched


Software: Chipmunk CMS 1.x

Description:
JosS has discovered a vulnerability in Chipmunk CMS, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to the "board/admin/reguser.php" script not being properly restricted to administrators. This can be exploited to e.g. add new administrative users by sending certain POST requests to the affected script.

The vulnerability is confirmed in version 1.3. Other versions may also be affected.

Solution:
Restrict access to the admin area (e.g. via ".htaccess").

Provided and/or discovered by:
JosS

Original Advisory:
http://milw0rm.com/exploits/6959

deV!L'z Clanportal "users" SQL Injection Vulnerability
by Marianna Schmudlach / November 3, 2008 12:11 AM PST

Release Date: 2008-11-03

Critical:
Less critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: deV!L'z Clanportal 1.x

Description:
h0yt3r has discovered a vulnerability in deV!L'z Clanportal, which can be exploited by malicious users to conduct SQL injection attacks.

Input passed to the "users" parameter in index.php (if "action" is set to "buddys" and "do" is set to "addbuddy") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 1.4.9.6. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
h0yt3r

Original Advisory:
http://milw0rm.com/exploits/6961
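
The SQL injection advisories in this thread, from the SFS "cat_id" one to the Clanportal "users" one above, all give the same fix: "edit the source code to ensure that input is properly sanitised". What that edit looks like for a numeric parameter such as "cat_id", as an added example that is not part of the original posts and not code from any product named here: the `links` table, its rows and both functions are constructed, the "before" function assumes the value is concatenated into the query text, and the PDO SQLite driver is assumed to be installed.

```php
<?php
declare(strict_types=1);

// Constructed in-memory data; not the schema of any product in this thread.
function demoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE links (id INTEGER PRIMARY KEY, cat_id INTEGER, title TEXT, hidden INTEGER)');
    $db->exec("INSERT INTO links (cat_id, title, hidden) VALUES
        (1, 'public link A', 0),
        (1, 'public link B', 0),
        (2, 'other category', 0),
        (9, 'unpublished draft', 1)");
    return $db;
}

// "Before": the request value becomes part of the SQL text, so the database
// parses whatever the client sent as SQL syntax.
function listCategoryUnsafe(PDO $db, string $catId): array
{
    $sql = "SELECT title FROM links WHERE hidden = 0 AND cat_id = $catId";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// "After": validate the expected type first, then pass the value as a bound
// parameter so it can only ever be data, never query structure.
function listCategorySafe(PDO $db, string $catId): array
{
    $id = filter_var($catId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return []; // not a positive integer: reject instead of trying to clean it up
    }
    $stmt = $db->prepare('SELECT title FROM links WHERE hidden = 0 AND cat_id = :cat');
    $stmt->bindValue(':cat', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// --- Demo with constructed inputs -------------------------------------
$db = demoDb();
$inputs = [
    '1',          // normal request
    '1 OR 1=1',   // constructed test value that changes the WHERE clause
];

foreach ($inputs as $input) {
    $unsafe = listCategoryUnsafe($db, $input);
    $safe   = listCategorySafe($db, $input);
    printf(
        "cat_id=%-10s unsafe: %d row(s) [%s]\n%20s safe: %d row(s) [%s]\n",
        "'$input'",
        count($unsafe),
        implode(', ', $unsafe),
        '',
        count($safe),
        implode(', ', $safe)
    );
}
```

With the second input the concatenated query also returns the row marked `hidden`, which is the "exposure of sensitive information" impact the advisories list; the bound-parameter version rejects the value before any query runs.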

Google closes critical security hole in Android
by Marianna Schmudlach / November 3, 2008 12:48 AM PST
Microsoft: Trojans are huge and China is tops in browser exp
by Marianna Schmudlach / November 3, 2008 1:25 AM PST

November 3, 2008 5:00 AM PST
Microsoft: Trojans are huge and China is tops in browser exploits

Posted by Elinor Mills

China gets more browser-based exploits than any other country, according to the Microsoft Security Intelligence Report for the first half of 2008.

Three things you might not know: Vulnerabilities are decreasing but becoming easier to exploit. Trojans are the biggest threat. And Chinese computers are infected with more browser-based exploits than anywhere else.

Those are findings in the Microsoft Security Intelligence Report, due to be released on Monday. Covering the first half of this year, the report provides statistics compiled from Microsoft's Malware Protection Center that reveal trends about threats, breaches, and infection rates.

More: http://news.cnet.com/8301-1009_3-10080428-83.html

UW-imapd "tmail" and "dmail" Buffer Overflow Vulnerabilities
by Marianna Schmudlach / November 3, 2008 3:16 AM PST

Release Date: 2008-11-03

Critical:
Moderately critical
Impact: Privilege escalation
System access
Where: From remote
Solution Status: Vendor Patch

Software: UW-imapd

Description:
Two vulnerabilities have been reported in UW-imapd, which can be exploited by malicious, local users to potentially gain escalated privileges, and by malicious people to potentially compromise a vulnerable system.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code, but requires that the utilities are configured as a delivery backend for a mail transfer agent allowing overly long destination mailbox names.

The vulnerabilities are reported in versions prior to 2007d.

Solution:
Update to version 2007d.
ftp://ftp.cac.washington.edu/imap

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html
http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html
