Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - November 7, 2008

CDRW-Taper "amlabel-cdrw" Insecure Temporary Files

Release Date: 2008-11-07

Critical: Less critical
Impact: Privilege escalation

Where: Local system
Solution Status: Unpatched


Software: CDRW-Taper 0.x

Description:
A security issue has been reported in CDRW-Taper, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The security issue is caused due to the "amlabel-cdrw" script using temporary files in an insecure manner. This can be exploited to e.g. overwrite or delete arbitrary files via symlink attacks.

The security issue is reported in version 0.4. Other versions may also be affected.

Solution:
Restrict local access to trusted users only.

Provided and/or discovered by:
Reported by Dmitry E. Oboukhov in a Debian bug report.

Original Advisory:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496380

VMware ESX / ESXi Privilege Escalation and Directory Travers

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Less critical
Impact: Privilege escalation

Where: Local system
Solution Status: Vendor Patch


OS: VMware ESX Server 2.x
VMware ESX Server 3.x
VMware ESXi 3.x

Description:
Some vulnerabilities have been reported in VMware ESX and ESXi, which can be exploited by malicious, local users to gain escalated privileges.

Solution:
Update to the latest version or apply patches.

Provided and/or discovered by:
The vendor credits:
1) Derek Soeder
2) Michel Toussaint

Original Advisory:
VMSA-2008-0018:
http://lists.vmware.com/pipermail/security-announce/2008/000042.html

Other References:
SA32612:
http://secunia.com/advisories/32612/

Flaw in VMware's CPU emulation allows privilege elevation

HP Tru64 UNIX AdvFS "showfile" Privilege Escalation Vulnerab

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Less critical
Impact: Privilege escalation

Where: Local system
Solution Status: Vendor Patch


OS: HP Tru64 UNIX 5.x

Description:
A vulnerability has been reported in HP Tru64 UNIX, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to an unspecified error within the AdvFS "showfile" command, which can be exploited to gain escalated privileges.

The vulnerability is reported in HP Tru64 UNIX version 5.1B-4 and 5.1B-3.

Solution:
Apply ERP kits.

HP Tru64 UNIX v 5.1B-4:
http://www.itrc.hp.com/service/patch/...hid=T64KIT1001551-V51BB27-ES-20081015

HP Tru64 UNIX v 5.1B-3:
http://www.itrc.hp.com/service/patch/...hid=T64KIT1001540-V51BB26-ES-20080916

Provided and/or discovered by:
The vendor credits Ilja van Sprundel.

Original Advisory:
HPSBTU02383 SSRT080098:
http://itrc.hp.com/service/cki/docDisplay.do?docId=c01599842

Fedora update for php-Smarty

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Less critical
Impact: Security Bypass

Where: From remote
Solution Status: Vendor Patch


OS: Fedora 8
Fedora 9

Description:
Fedora has issued an update for php-Smarty. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

Solution:
Apply updated packages via the yum utility ("yum update php-Smarty").

Original Advisory:
FEDORA-2008-9401:
https://www.redhat.com/archives/fedor...-announce/2008-November/msg00093.html

FEDORA-2008-9420:
https://www.redhat.com/archives/fedor...-announce/2008-November/msg00117.html

Other References:
SA32329:
http://secunia.com/advisories/32329/

Fedora update for cman, gfs2-utils, and rgmanager

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Less critical
Impact: Privilege escalation

Where: Local system
Solution Status: Vendor Patch


OS: Fedora 9

Description:
Fedora has issued an update for cman, gfs2-utils, and rgmanager. This fixes some security issues, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

Solution:
Apply updated packages via the yum utility ("yum update cman gfs2-utils rgmanager").

Original Advisory:
FEDORA-2008-9458:
https://www.redhat.com/archives/fedor...-announce/2008-November/msg00163.html
https://www.redhat.com/archives/fedor...-announce/2008-November/msg00164.html
https://www.redhat.com/archives/fedor...-announce/2008-November/msg00165.html

Other References:
SA32602:
http://secunia.com/advisories/32602/

Fedora update for drupal-cck

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Less critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Vendor Patch


OS: Fedora 9

Description:
Fedora has issued an update for drupal-cck. This fixes some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks.

Solution:
Apply updated packages via the yum utility ("yum update drupal-cck").

Original Advisory:
FEDORA-2008-9479:
https://www.redhat.com/archives/fedor...-announce/2008-November/msg00178.html

Other References:
SA32572:
http://secunia.com/advisories/32572/

Fedora update for ipsec-tools

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Moderately critical
Impact: DoS

Where: From remote
Solution Status: Vendor Patch


OS: Fedora 8
Fedora 9

Description:
Fedora has issued an update for ipsec-tools. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply updated packages via the yum utility ("yum update ipsec-tools").

Original Advisory:
FEDORA-2008-9007:
https://www.redhat.com/archives/fedor...-announce/2008-November/msg00129.html

FEDORA-2008-9016:
https://www.redhat.com/archives/fedor...-announce/2008-November/msg00190.html

Other References:
SA31450:
http://secunia.com/advisories/31450/

SA31478:
http://secunia.com/advisories/31478/

Mole Group Pizza Online Ordering Script "manufacturers_id" S

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Mole Group Pizza Online Ordering Script

Description:
Cyb3r-1sT has reported a vulnerability in Mole Group Pizza Online Ordering Script, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "manufacturers_id" in index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Filter malicious characters or character sequences using a proxy.

Provided and/or discovered by:
Cyb3r-1sT

Original Advisory:
http://milw0rm.com/exploits/7030

VMware Products Privilege Escalation Vulnerability

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Less critical
Impact: Privilege escalation

Where: Local system
Solution Status: Vendor Patch


Software: VMware ACE 1.x
VMware ACE 2.x
VMware Player 1.x
VMware Player 2.x
VMware Server 1.x
VMware Workstation 5.x
VMware Workstation 6.x

Description:
A vulnerability has been reported in various VMware products, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to an error in the CPU hardware emulation when handling the Trap flag, which can be exploited by a local user on a guest operating system to gain escalated privileges.

Please see vendor's advisory for a list of affected products and versions.

Provided and/or discovered by:
The vendor credits Derek Soeder.

Original Advisory:
VMSA-2008-0018:
http://lists.vmware.com/pipermail/security-announce/2008/000042.html

Nagios "cmd.cgi" Cross-Site Request Forgery

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Less critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Unpatched


Software: Nagios 3.x

Description:
Andreas Ericsson has discovered a vulnerability in Nagios, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests to "cmd.cgi" without performing any validity checks to verify the request. This can be exploited to execute certain Nagios commands (e.g. to disable notifications) when a logged-in administrator visits a malicious web site.

The vulnerability is confirmed in version 3.0.5. Other versions may also be affected.

Solution:
Do not browse untrusted sites or follow untrusted links while being logged in to the application.

Provided and/or discovered by:
Andreas Ericsson

Original Advisory:
http://www.openwall.com/lists/oss-security/2008/11/06/2

Ubuntu update for tk

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Moderately critical
Impact: DoS, System access

Where: From remote
Solution Status: Vendor Patch


OS: Ubuntu Linux 6.06
Ubuntu Linux 7.10
Ubuntu Linux 8.04

Description:
Ubuntu has issued an update for tk. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.

Solution:
Apply updated packages.

Original Advisory:
USN-664-1:
https://lists.ubuntu.com/archives/ubu...ty-announce/2008-November/000772.html

Other References:
SA28784:
http://secunia.com/advisories/28784/

Ubuntu update for netpbm

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Moderately critical
Impact: DoS, System access

Where: From remote
Solution Status: Vendor Patch


OS: Ubuntu Linux 6.06
Ubuntu Linux 7.10

Description:
Ubuntu has issued an update for netpbm. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
USN-665-1:
https://lists.ubuntu.com/archives/ubu...ty-announce/2008-November/000773.html

Other References:
SA20729:
http://secunia.com/advisories/20729/

Cluster Project Unspecified Insecure Temporary Files

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Less critical
Impact: Privilege escalation

Where: Local system
Solution Status: Vendor Patch


Software: Cluster Project 2.x

Description:
Some security issues have been reported in Cluster Project, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The security issues are caused due to unspecified scripts provided by the CMAN, rgmanager, and gfs2 components using temporary files in an insecure manner. This can be exploited to perform unspecified actions with escalated privileges.

The security issues are reported in versions prior to 2.03.09.

Solution:
Update to version 2.03.09.

Provided and/or discovered by:
Reported via Fedora update advisories.

Changelog:
2008-11-07: Updated "Description" section with information about additionally affected components. Added links to the "Original Advisory" section.

Original Advisory:
FEDORA-2008-9458:
https://www.redhat.com/archives/fedor...-announce/2008-November/msg00163.html
https://www.redhat.com/archives/fedor...-announce/2008-November/msg00164.html
https://www.redhat.com/archives/fedor...-announce/2008-November/msg00165.html

http://secunia.com/advisories/32602/

TestLink Multiple Script Insertion Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Less critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Vendor Workaround


Software: TestLink 1.x

Description:
Some vulnerabilities have been reported in TestLink, which can be exploited by malicious users to conduct script insertion attacks.

Input passed via e.g. test project and test plan names is not properly sanitised before being stored. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious data is viewed.

The vulnerabilities are reported in versions prior to 1.8 RC1.

Solution:
Fixed in unstable version 1.8 RC1.

Filter malicious characters and character sequences in a web proxy.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sourceforge.net/project/shownotes.php?release_id=638751

DevelopItEasy Events Calendar Multiple SQL Injection Vulnera

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: DevelopItEasy Events Calendar 1.x



Description:
Cyb3r-1sT has reported some vulnerabilities in DevelopItEasy Events Calendar, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in calendar_details.php and to the "user_name" and "user_pass" parameters in admin/index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

These vulnerabilities are reported in version 1.2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Cyb3r-1sT

Original Advisory:
http://milw0rm.com/exploits/7013

DevelopItEasy News And Article System Multiple SQL Injection

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: DevelopItEasy News And Article System 1.x



Description:
Cyb3r-1sT has reported some vulnerabilities in DevelopItEasy News And Article System, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "aid" parameter in article_details.php and to the "user_name" and "user_pass" parameters in admin/index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

These vulnerabilities are reported in version 1.4. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Cyb3r-1sT

Original Advisory:
http://milw0rm.com/exploits/7014

DevelopItEasy Membership System Multiple SQL Injection Vulne

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: DevelopItEasy Membership System 1.x

Description:
Cyb3r-1sT has reported some vulnerabilities in DevelopItEasy Membership System, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "email" and "password" parameters in customer_login.php and to the "user_name" and "user_pass" parameters in admin/index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

These vulnerabilities are reported in version 1.3. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Cyb3r-1sT

Original Advisory:
http://milw0rm.com/exploits/7015

DevelopItEasy Photo Gallery Multiple SQL Injection Vulnerabi

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: DevelopItEasy Photo Gallery 1.x

Description:
Cyb3r-1sT has reported some vulnerabilities in DevelopItEasy Photo Gallery, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "cat_id" parameter in gallery_category.php, to the "photo_id" parameter in gallery_photo.php and to the "user_name" and "user_pass" parameters in admin/index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

These vulnerabilities are reported in version 1.2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Cyb3r-1sT

Original Advisory:
http://milw0rm.com/exploits/7016

TurnkeyForms Local Classifieds "r" SQL Injection Vulnerabili

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: TurnkeyForms Local Classifieds

Description:
TR-ShaRk has reported a vulnerability in TurnkeyForms Local Classifieds, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "r" parameter in listtest.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Note: This can also be exploited to conduct cross-site scripting attacks.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
TR-ShaRk

Original Advisory:
http://milw0rm.com/exploits/7035

DigitalDJ fest.pl Insecure Temporary Files

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Less critical
Impact: Privilege escalation

Where: Local system
Solution Status: Unpatched


Software: DigitalDJ 0.x

Description:
A security issue has been reported in DigitalDJ, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The security issue is caused due to the fest.pl script using temporary files in an insecure manner. This can be exploited to e.g. overwrite arbitrary files via symlink attacks.

The security issue is reported in version 0.7.5. Other versions may also be affected.

Solution:
Restrict local access to trusted users only.

Provided and/or discovered by:
Reported by Dmitry E. Oboukhov in a Debian bug report.

Original Advisory:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496399

lmbench Insecure Temporary Files

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Less critical
Impact: Privilege escalation

Where: Local system
Solution Status: Unpatched


Software: lmbench 2.x

Description:
Some security issues have been reported in lmbench, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The security issues are caused due to the "scripts/****" and "scripts/rccs" scripts using temporary files in an insecure manner. This can be exploited to overwrite arbitrary files via symlink attacks.

NOTE: Similar security issues in src/rhttp.c, src/lat_fcntl.c, src/lat_fifo.c, src/lat_proc.c, and src/lmhttp.c have also been reported.

The security issues affect version 2.5. Other versions may also be affected.

Solution:
Restrict local access to trusted users only.

Provided and/or discovered by:
Reported by Dmitry E. Oboukhov and Thijs Kinkhorst in a Debian bug report for development version 3.0-a7.

Original Advisory:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496427

PHP Classifieds "admin_username" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: PHP Classifieds 7.x

Description:
ZoRLu has reported a vulnerability in PHP Classifieds, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "admin_username" parameter in login.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
ZoRLu

Original Advisory:
http://milw0rm.com/exploits/7023

Silva "fulltext" Cross-Site Scripting Vulnerability

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Less critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Vendor Patch


Software: Silva 1.x
Silva 2.x

Description:
Russ McRee has reported a vulnerability in Silva, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "fulltext" parameter to the Silva Find component when performing a search is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in Silva Find version 1.1.5 and prior included in Silva prior to 2.1.0.2, 2.0.12.2, and 1.6.3.2.

Solution:
Update to version 2.1.0.2, 2.0.12.2, or 1.6.3.2.

Provided and/or discovered by:
Russ McRee, HolisticInfoSec

Original Advisory:
http://holisticinfosec.org/content/view/91/45/

Sun SPARC System Firmware Unauthorised Data Access

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Not critical
Impact: Security Bypass

Where: Local system
Solution Status: Vendor Patch


OS: Sun System Firmware 6.6.x
Sun System Firmware 7.1.x

Description:
A vulnerability has been reported in Sun System Firmware, which can be exploited by malicious, local users to bypass certain security restrictions.

The vulnerability is caused due to an unspecified error in the firmware for certain Sun SPARC systems, which can be exploited by privileged users to access memory in another logical domain.

The vulnerability affects systems using the Sun UltraSPARC T1, UltraSPARC T2, and UltraSPARC T2+ processors.

Solution:
Update to fixed versions.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244826-1

EC-CUBE "image" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information

Where: From remote
Solution Status: Vendor Patch


Software: EC-CUBE 1.x
EC-CUBE 2.x

Description:
A vulnerability has been reported in EC-CUBE, which can be exploited by malicious people to conduct SQL injection attacks.

Solution:
The vendor has released updated versions:
http://www.ec-cube.net/download/index.php

Provided and/or discovered by:
Reported via JPCERT/CC.

Original Advisory:
http://jvn.jp/en/jp/JVN19072922/index.html

SUSE Update for Multiple Packages

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07



Critical: Moderately critical
Impact: Cross Site Scripting, DoS, System access

Where: From remote
Solution Status: Vendor Patch


OS: openSUSE 10.2
openSUSE 10.3
openSUSE 11.0
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Server 9



Software: Novell Open Enterprise Server 1.x

Description:
SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.

Solution:
Updated packages are available via YaST Online Update or the SUSE FTP server.

Original Advisory:
SUSE-SR:2008:024:
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html

Other References:
SA28046:
http://secunia.com/advisories/28046/

SA31384:
http://secunia.com/advisories/31384/

SA32137:
http://secunia.com/advisories/32137/

IBM HMC RMC Daemon Denial of Service Vulnerability

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Less critical
Impact: DoS

Where: From local network
Solution Status: Vendor Patch


OS: IBM Hardware Management Console (HMC)

Description:
A vulnerability has been reported in IBM Hardware Management Console (HMC), which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error within the Resource Monitoring and Control (RMC) daemon and can be exploited to crash the daemon via a specially crafted packet with an invalid client packet length.

Solution:
Update to version 7 Release 3.3.0 SP2 or Release 3.2.0 SP1.
https://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM (MH01133, MH01134):
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4441
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4442

http://secunia.com/advisories/32571/

Firewall Builder "fwb_install" Insecure Temporary Files

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Less critical
Impact: Privilege escalation

Where: Local system
Solution Status: Unpatched


Software: Firewall Builder 2.x

Description:
A security issue has been reported in Firewall Builder, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The security issue is caused due to the src/tools/fwb_install script using temporary files in an insecure manner. This can be exploited to e.g. overwrite arbitrary files via symlink attacks.

The security issue is reported in version 2.1.19. Other versions may also be affected.

Solution:
Restrict local access to trusted users only.

Provided and/or discovered by:
Reported by Dmitry E. Oboukhov in a Debian bug report.

Original Advisory:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496406

TurnkeyForms Software Directory Multiple Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Moderately critical
Impact: Cross Site Scripting, Manipulation of data, Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: TurnkeyForms Software Directory

Description:
G4N0K has reported some vulnerabilities in TurnkeyForms Software Directory, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

1) Input passed to the "cid" parameter in showcategory.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Input passed to the "msg" parameter in signinform.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session, in the context of an affected site.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
G4N0K

Original Advisory:
http://milw0rm.com/exploits/7027

TurnkeyForms Business Survey Pro "id" SQL Injection Vulnerab

In reply to: VULNERABILITIES \ FIXES - November 7, 2008

Release Date: 2008-11-07

Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: TurnkeyForms Business Survey Pro

Description:
G4N0K has reported a vulnerability in TurnkeyForms Business Survey Pro, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in survey_results_text.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
G4N0K

Original Advisory:
http://milw0rm.com/exploits/7029
