Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - November 5, 2007

Avaya CMS / IR Sun Solaris Kernel Statistics Retrieval Denial of Service


Secunia Advisory: SA27536
Release Date: 2007-11-05

Critical: Not critical
Impact: DoS
Where: Local system
Solution Status: Partial Fix

OS: Avaya Call Management System (CMS)
Software: Avaya Interactive Response 1.x

Description:
Avaya has acknowledged some vulnerabilities in Avaya CMS and IR, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

For more information:
SA27306

The vulnerabilities affect the following products and versions:
* Avaya CMS R12, R13/R13.1, R14
* Avaya IR 1.3 and 2.0 on Solaris 8
* Avaya IR 2.0 and 3.0 on Solaris 10

Solution:
Avaya CMS R14:
Install r14ba.a (available from support.avaya.com).

Avaya IR 1.3 and 2.0 on Solaris 8:
Install Solaris 8 patch 117350-50.

Avaya IR 2.0 and 3.0 on Solaris 10:
Install Solaris 10 patch 127111-01.

Avaya CMS R12, R13/R13.1:
The vendor recommends that local and network access to the affected systems be restricted until an update is available.

Original Advisory:
http://support.avaya.com/elmodocs2/security/ASA-2007-452.htm

Other References:
SA27306:
http://secunia.com/advisories/27306/

SyndeoCMS "cmsdir" File Inclusion Vulnerability

In reply to: VULNERABILITIES \ FIXES - November 5, 2007

Secunia Advisory: SA27527
Release Date: 2007-11-05

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software: SyndeoCMS 2.x

Description:
Mdx has reported a vulnerability in SyndeoCMS, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "cmsdir" parameter in starnet/themes/c-sky/main.inc.php is not properly sanitised before being used to include files. This can be exploited to include arbitrary files from local or external resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability is reported in version 2.5.01. Prior versions may also be affected.

Solution:
The vendor has released a fixed version 2.5.01 on 2007-11-05.

Provided and/or discovered by:
Mdx

Original Advisory:
SyndeoCMS:
http://www.syndeocms.org/forum/index.php?topic=1737.0

http://milw0rm.com/exploits/4607

Mandriva update for opal

In reply to: VULNERABILITIES \ FIXES - November 5, 2007

Secunia Advisory: SA27524
Release Date: 2007-11-05

Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch

OS: Mandriva Linux 2007

Description:
Mandriva has issued an update for opal. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.

For more information:
SA27129

Solution:
Apply updated packages.

Original Advisory:
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:205

Other References:
SA27129:
http://secunia.com/advisories/27129/

Mandriva update for pwlib

In reply to: VULNERABILITIES \ FIXES - November 5, 2007

Secunia Advisory: SA27518
Release Date: 2007-11-05

Critical: Less critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch

OS: Mandriva Linux 2007

Description:
Mandriva has issued an update for pwlib. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

For more information:
SA27127

Solution:
Apply updated packages.

Original Advisory:
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:206

Other References:
SA27127:
http://secunia.com/advisories/27127/

E-Vendejo "id" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - November 5, 2007

Secunia Advisory: SA27517
Release Date: 2007-11-05

Critical: Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched

Software: E-Vendejo 0.x

Description:
R00T[ATI] has reported a vulnerability in E-Vendejo, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in articles.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 0.2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
R00T[ATI], Inclusion Hunter Team

Original Advisory:
http://www.ihteam.net/exploits/e-vendejo-0.2.txt

Sun SRS Net Connect Software Format String Vulnerability

In reply to: VULNERABILITIES \ FIXES - November 5, 2007

Secunia Advisory: SA27512
Release Date: 2007-11-05

Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch

Software: Sun SRS NetConnect Software 3.x

Description:
A vulnerability has been reported in SRS Net Connect Software, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to a format string error and can be exploited to execute arbitrary code with root privileges.

The vulnerability is reported in version 3.2.3 without patch 125713-02 and version 3.2.4 without patch 123870-03.

Solution:
Apply patches.

SRS Net Connect Software version 3.2.3 (for Solaris 8, 9 and 10):
Apply patch 125713-02 or later.

SRS Net Connect Software version 3.2.4 (for Solaris 8, 9 and 10):
Apply patch 123870-03 or later.

Provided and/or discovered by:
The vendor credits Sean Larsson, iDefense Labs.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103119-1

GNU Emacs Local Variable Processing Vulnerability

In reply to: VULNERABILITIES \ FIXES - November 5, 2007

Secunia Advisory: SA27508
Release Date: 2007-11-05

Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround

Software: GNU Emacs 22.x

Description:
Drake Wilson has reported a vulnerability in GNU Emacs, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the "hack-local-variables" function where local variables within a file are processed in an insecure manner. This can be exploited to e.g. modify a user's user-init-file and execute arbitrary Emacs Lisp code when a specially crafted file is opened.

Successful exploitation requires that "enable-local-variables" is set to ":safe".

The vulnerability is reported in version 22.1. Other versions may also be affected.

Solution:
Fixed in the CVS repository.
http://cvs.savannah.gnu.org/viewvc/em...es.el?r1=1.896.2.28&r2=1.896.2.29

Provided and/or discovered by:
Drake Wilson

Original Advisory:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008

Helios Calendar "username" Cross-Site Scripting Vulnerability

In reply to: VULNERABILITIES \ FIXES - November 5, 2007

Secunia Advisory: SA27490
Release Date: 2007-11-05

Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched

Software: Helios Calendar 1.x

Description:
Ivan Sanchez and Maximiliano Soler have reported a vulnerability in Helios Calendar, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "username" parameter in admin/index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in version 1.2.1 Beta. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Ivan Sanchez and Maximiliano Soler, Null Code Services

SF-Shoutbox "nick" and "shout" Script Insertion Vulnerability

In reply to: VULNERABILITIES \ FIXES - November 5, 2007

Secunia Advisory: SA27487
Release Date: 2007-11-05

Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched

Software: SF-Shoutbox 1.x

Description:
SkyOut has reported some vulnerabilities in SF-Shoutbox, which can be exploited by malicious people to conduct script insertion attacks.

Input passed to the parameters "nick" and "shout" is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site if malicious data is viewed.

The vulnerability is reported in version 1.4. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Use another product.

Provided and/or discovered by:
SkyOut

Original Advisory:
http://www.smash-the-stack.net/articles/SF-Shoutbox_Injection_Advisory.txt

NetCommons Unspecified Cross-Site Scripting Vulnerability

In reply to: VULNERABILITIES \ FIXES - November 5, 2007

Secunia Advisory: SA27484
Release Date: 2007-11-05

Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch

Software: NetCommons 1.x

Description:
A vulnerability has been reported in NetCommons, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to unspecified parameters is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of the affected site.

The vulnerability is reported in 1.0.X prior to version 1.0.11 and 1.1.X prior to version 1.1.2.

Solution:
Update to version 1.0.11 or 1.1.2.

Provided and/or discovered by:
EKYUASUKAI Technology Co., Ltd. Hiroshi Hukumori

Original Advisory:
NetCommons:
http://www.netcommons.org/modules/jou...1&news_id=316&op=comment#2121

JVN:
http://jvn.jp/jp/JVN%2379295963/index.html

BitchX "e_hostname()" Insecure Temporary File Creation

In reply to: VULNERABILITIES \ FIXES - November 5, 2007

Secunia Advisory: SA27463
Release Date: 2007-11-05

Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Unpatched

Software: BitchX 1.x

Description:
A security issue has been reported in BitchX, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The security issue is caused due to the "e_hostname()" function creating a temporary file insecurely using the "tmpnam()" function when the user issues the "HOSTNAME" or the "IRCHOST" command. This can be exploited to overwrite arbitrary files on the local system with the privileges of the user running BitchX.

The security issue is reported in version 1.1a. Other versions may also be affected.

Solution:
Restrict access to trusted users only. Do not use the "HOSTNAME" and "IRCHOST" commands.

Provided and/or discovered by:
Nico Golde, Debian

Original Advisory:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449149
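
Added example (not part of the advisory and not BitchX code): why opening a predictable temporary name is unsafe, shown next to the atomic alternatives a fix would use. The function names, the `hostlist` prefix and the scratch files under `/tmp` are assumptions made for this demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkstemp, mkdtemp, symlink */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hardened pattern: mkstemp() chooses the name and creates the file in one
 * atomic step (O_CREAT|O_EXCL, mode 0600). Returns an fd, or -1 on error. */
int open_private_temp(char *path, size_t len)
{
    if ((size_t)snprintf(path, len, "/tmp/hostlist.XXXXXX") >= len) return -1;
    return mkstemp(path);
}

/* Opens a name that already exists as a symlink (as if planted by another
 * local user) with the given open(2) flags, then returns the size of the
 * symlink's target: 4 = untouched, 0 = truncated, -1 = setup error. */
long target_size_after_open(int flags)
{
    char dir[] = "/tmp/tmpdemo.XXXXXX", target[64], name[64];
    struct stat st;
    long size = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/victim", dir);
    snprintf(name, sizeof name, "%s/predicted", dir);
    FILE *f = fopen(target, "w");          /* constructed file, 4 bytes */
    if (f) { fputs("keep", f); fclose(f); }
    if (f && symlink(target, name) == 0) {
        int fd = open(name, flags, 0600);  /* the open under test */
        if (fd >= 0) close(fd);
        if (stat(target, &st) == 0) size = (long)st.st_size;
    }
    unlink(name); unlink(target); rmdir(dir);
    return size;
}

int main(void)
{
    char path[64];
    int fd = open_private_temp(path, sizeof path);
    printf("O_TRUNC: %ld bytes left\n", target_size_after_open(O_WRONLY | O_CREAT | O_TRUNC));
    printf("O_EXCL:  %ld bytes left\n", target_size_after_open(O_WRONLY | O_CREAT | O_EXCL));
    if (fd >= 0) { close(fd); unlink(path); }
    return 0;
}
```

The `O_CREAT | O_TRUNC` case is what `fopen(name, "w")` does on a name returned by `tmpnam()`. On Linux the `fs.protected_symlinks` sysctl blocks some cross-user cases in sticky directories, but it does not replace atomic creation.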

EDraw Flowchart ActiveX Control EDImage Control Insecure Method

In reply to: VULNERABILITIES \ FIXES - November 5, 2007

Secunia Advisory: SA27462
Release Date: 2007-11-05

Critical: Highly critical
Impact: Manipulation of data, System access
Where: From remote
Solution Status: Unpatched

Software: EDraw Flowchart ActiveX Control 2.x

Description:
shinnai has discovered a vulnerability in EDraw Flowchart ActiveX Control, which can be exploited by malicious people to overwrite arbitrary files and compromise a user's system.

The vulnerability is caused due to the EDIMAGE.EDImageCtrl.1 ActiveX control (EDImage.ocx) including the insecure "HttpDownloadFile()" method. This can be exploited to download an arbitrary file to an arbitrary location on a user's system.

The vulnerability is confirmed in version 2.3. Other versions may also be affected.

Solution:
Set the kill-bit for the affected ActiveX control.

Provided and/or discovered by:
shinnai

Original Advisory:
http://shinnai.altervista.org/exploits/txt/TXT_3kXDua0a0Tl5Vm5LU3ms.html
