
VULNERABILITIES \ FIXES - November 7, 2008

Nov 6, 2008 11:59PM PST

CDRW-Taper "amlabel-cdrw" Insecure Temporary Files

Release Date: 2008-11-07

Critical: Less critical
Impact: Privilege escalation

Where: Local system
Solution Status: Unpatched

Software: CDRW-Taper 0.x

Description:
A security issue has been reported in CDRW-Taper, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The security issue is caused due to the "amlabel-cdrw" script using temporary files in an insecure manner. This can be exploited to e.g. overwrite or delete arbitrary files via symlink attacks.

The security issue is reported in version 0.4. Other versions may also be affected.

Solution:
Restrict local access to trusted users only.

Provided and/or discovered by:
Reported by Dmitry E. Oboukhov in a Debian bug report.

Original Advisory:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496380


Pre Simple CMS "user" SQL Injection Vulnerability
Nov 7, 2008 12:34AM PST

Release Date: 2008-11-07

Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information

Where: From remote
Solution Status: Unpatched

Software: Pre Simple CMS

Description:
Hussin X has reported a vulnerability in Pre Simple CMS, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "user" parameter in siteadmin/loginsucess.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Hussin X

Original Advisory:
http://milw0rm.com/exploits/7004

TurnkeyForms Entertainment Portal "adminLogged" Cookie Secur
Nov 7, 2008 12:35AM PST

Release Date: 2008-11-07

Critical: Moderately critical
Impact: Security Bypass

Where: From remote
Solution Status: Unpatched

Software: TurnkeyForms Entertainment Portal

Description:
G4N0K has reported a vulnerability in TurnkeyForms Entertainment Portal, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to the application allowing access to the admin interface by checking if a certain cookie exists. This can be exploited to gain administrative access to the application by creating the cookie "adminLogged" and assigning it the value "Administrator".

Solution:
Ensure that proper access restrictions are implemented.

Provided and/or discovered by:
G4N0K

Original Advisory:
http://milw0rm.com/exploits/7028
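The flaw above is an authorization check that trusts a value the browser sets itself. The Python sketch below, added here and not TurnkeyForms code, places the reported check beside a hardened one in which the cookie only carries an opaque session id and the role is recorded server-side; USERS, SESSIONS and the demo credential are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed demo data: one account, a static salt, a server-side session table.
SALT = b"constructed-demo-salt"
USERS = {
    "admin": (hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000), "Administrator"),
}
SESSIONS = {}  # opaque session id -> role, known only to the server


def vulnerable_is_admin(cookies):
    """The reported pattern: a cookie the client controls decides who is admin."""
    return cookies.get("adminLogged") == "Administrator"


def login(username, password):
    """Verify the credential, then mint a random id whose role is stored server-side."""
    record = USERS.get(username)
    if record is None:
        raise PermissionError("bad credentials")
    stored_hash, role = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    if not hmac.compare_digest(candidate, stored_hash):
        raise PermissionError("bad credentials")
    sid = secrets.token_urlsafe(32)  # 256 random bits: not guessable, not forgeable
    SESSIONS[sid] = role
    return sid


def logout(sid):
    """Invalidating on the server is what makes a stolen or replayed cookie worthless."""
    SESSIONS.pop(sid, None)


def is_admin(cookies):
    """Hardened check: the cookie only names a session; the role is looked up server-side."""
    return SESSIONS.get(cookies.get("session")) == "Administrator"
```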

ModernBill Cross-Site Scripting and "DIR" File Inclusion Vul
Nov 7, 2008 12:36AM PST

Release Date: 2008-11-07

Critical: Highly critical
Impact: Cross Site Scripting, System access

Where: From remote
Solution Status: Unpatched

Software: ModernBill 4.x

Description:
nigh7f411 has reported some vulnerabilities in ModernBill, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.

1) Input passed to the "DIR" parameter in include/scripts/export_batch.inc.php, include/scripts/run_auto_suspend.cron.php, include/scripts/send_email_cache.php, include/misc/mod_2checkout/2checkout_return.inc.php, and include/html/nettools.popup.php is not properly verified before being used. This can be exploited to include arbitrary files from local or remote resources.

2) Input passed to the "new_language" parameter in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in versions 4.4.x. Other versions may also be affected.

Solution:
Upgrade to version 5.

Provided and/or discovered by:
nigh7f411

Original Advisory:
http://milw0rm.com/exploits/6916
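Both ModernBill issues above come down to request parameters that are used without validation: a directory name handed to an include, and a language selector echoed into the page. The Python below, added here and not ModernBill code, shows the two controls a defender would expect: confining the DIR-style value to an allowlisted subdirectory under a fixed root, and treating new_language as a selector whose reflected value is always escaped; INCLUDE_ROOT, ALLOWED_DIRS and SUPPORTED_LANGUAGES are constructed values.

```python
import html
import os
import re

# Constructed configuration for the example.
INCLUDE_ROOT = "/srv/app/include"
ALLOWED_DIRS = {"scripts", "misc", "html"}
SUPPORTED_LANGUAGES = {"en", "de", "fr"}
LANG_RE = re.compile(r"^[a-z]{2}(_[A-Z]{2})?$")


def resolve_include(raw_dir, root=INCLUDE_ROOT):
    """Confine a DIR-style parameter to known subdirectories under `root`.

    Two layers: an allowlist of directory names, then a lexical containment
    check so that traversal or absolute paths can never leave `root`.
    (On a live filesystem also compare os.path.realpath() results, which
    additionally resolves symlinks.)
    """
    if "\x00" in raw_dir or "://" in raw_dir:
        raise ValueError("remote or malformed include path")
    if raw_dir not in ALLOWED_DIRS:
        raise ValueError("unknown include directory")
    candidate = os.path.normpath(os.path.join(root, raw_dir))
    if not candidate.startswith(root + os.sep):
        raise ValueError("path escapes include root")
    return candidate


def select_language(raw_lang, default="en"):
    """new_language is a selector, not free text: accept only a known code."""
    if LANG_RE.match(raw_lang or "") and raw_lang in SUPPORTED_LANGUAGES:
        return raw_lang
    return default


def reflect_language_error(raw_lang):
    """If the raw value must be shown back to the user, escape it so markup stays inert."""
    return "<p>Unknown language: %s</p>" % html.escape(raw_lang, quote=True)
```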

WEBBDOMAIN Products "username" SQL Injection Vulnerability
Nov 7, 2008 12:37AM PST

Release Date: 2008-11-07

Critical: Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched

Software: WEBBDOMAIN Petition 1.x
WEBBDOMAIN Petition 2.x
WEBBDOMAIN Petition 3.x
WEBBDOMAIN Polls 1.x
WEBBDOMAIN Quiz 1.x

Description:
Hakxer has reported a vulnerability in various WEBBDOMAIN products, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "username" field when logging in to the admin section is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in the following products and versions:
* WEBBDOMAIN Petition 1.02, 2.0, and 3.0
* WEBBDOMAIN Polls 1.0
* WEBBDOMAIN Quiz 1.02
Other versions may also be affected.

Solution:
Filter malicious characters and character sequences using a proxy.

Provided and/or discovered by:
Hakxer

Original Advisory:
http://milw0rm.com/exploits/6983
http://milw0rm.com/exploits/6984
http://milw0rm.com/exploits/6985

Bugzilla Quips Approval Security Bypass Security Issue
Nov 7, 2008 12:38AM PST

Release Date: 2008-11-07

Critical: Less critical
Impact: Security Bypass

Where: From remote
Solution Status: Vendor Patch

Software: Bugzilla 2.x
Bugzilla 3.x

Description:
A security issue has been reported in Bugzilla, which can be exploited by malicious users to bypass certain security restrictions.

The security issue is caused due to insufficient checks being performed by the quips.cgi script before altering the state of a "quip". This can be exploited to approve or disapprove a "quip" by passing specially crafted parameters to the affected script.

The security issue is reported in versions 2.17.4 and later.

Solution:
Update to version 2.20.7, 2.22.6, or 3.0.6.
http://www.bugzilla.org/download/

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.bugzilla.org/security/2.20.6/

WEBBDOMAIN WebShop Cross-Site Scripting and SQL Injection
Nov 7, 2008 12:39AM PST

Release Date: 2008-11-07

Critical: Moderately critical
Impact: Cross Site Scripting, Manipulation of data

Where: From remote
Solution Status: Unpatched

Software: WEBBDOMAIN WebShop 1.x

Description:
Some vulnerabilities have been reported in WEBBDOMAIN WebShop, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

1) Input passed to the "id" parameter in detail.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Input passed to the "name" parameter in detail.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site.

3) Input passed to the "username" field when logging in to the admin section is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities are reported in version 1.02. Other versions may also be affected.

Solution:
Filter malicious characters and character sequences using a proxy.

Provided and/or discovered by:
1, 2) G4N0K
3) Hakxer

Original Advisory:
1, 2) http://milw0rm.com/exploits/6974
3) http://milw0rm.com/exploits/6986

WEBBDOMAIN Post Card SQL Injection Vulnerabilities
Nov 7, 2008 12:40AM PST

Release Date: 2008-11-07

Critical: Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched

Software: WEBBDOMAIN Post Card 1.x

Description:
Some vulnerabilities have been reported in WEBBDOMAIN Post Card, which can be exploited by malicious people to conduct SQL injection attacks.

Solution:
Filter malicious characters and character sequences using a proxy.

Provided and/or discovered by:
1) Hussin X
2) x0r

Original Advisory:
1) http://milw0rm.com/exploits/6977
2) http://milw0rm.com/exploits/6989
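The SQL injection reports in this thread (Pre Simple CMS "user", the WEBBDOMAIN "username" logins, WebShop "id", Post Card) all describe request input spliced into query text. The Python/sqlite3 example below is added here and is not code from any of those products; it places that pattern beside the parameterised form, and adds the type check a numeric id such as detail.php?id= should get before it reaches the database. The schema and rows are constructed.

```python
import sqlite3


def setup_demo_db():
    """Constructed in-memory schema standing in for a CMS user and product table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, title TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'hash-placeholder')")
    conn.execute("INSERT INTO products VALUES (1, 'widget')")
    return conn


def vulnerable_find_user(conn, user):
    """The reported pattern: input spliced into the query text, so any quote
    character in `user` is parsed as SQL instead of being compared as data."""
    return conn.execute(f"SELECT name FROM users WHERE name = '{user}'").fetchone()


def find_user(conn, user):
    """Parameterised form: the driver binds `user` as a value; it cannot alter the query."""
    return conn.execute("SELECT name FROM users WHERE name = ?", (user,)).fetchone()


def product_detail(conn, raw_id):
    """For numeric ids (detail.php?id=...) validate the type first, then still bind it."""
    if not (isinstance(raw_id, str) and raw_id.isdigit()):
        raise ValueError("id must be a positive integer")
    return conn.execute("SELECT title FROM products WHERE id = ?", (int(raw_id),)).fetchone()
```

A name like O'Brien is enough to show the difference: the spliced query fails to parse, while the bound parameter simply finds no such user.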

NetMRG "rrdedit" Insecure Temporary Files
Nov 7, 2008 12:42AM PST

Release Date: 2008-11-07

Critical: Less critical
Impact: Privilege escalation

Where: Local system
Solution Status: Unpatched

Software: NetMRG 0.x

Description:
A security issue has been reported in NetMRG, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The security issue is caused due to the "rrdedit" script using temporary files in an insecure manner. This can be exploited to e.g. overwrite arbitrary files via symlink attacks.

The security issue is reported in version 0.20. Other versions may also be affected.

Solution:
Restrict local access to trusted users only.

Provided and/or discovered by:
Reported by Dmitry E. Oboukhov in a Debian bug report.

Original Advisory:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496384
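The amlabel-cdrw and rrdedit reports in this thread are the same class of bug: a script writes to a predictable name in a shared temp directory, so a local user who pre-creates a symlink there redirects the write. The Python below, added here and not code from either project, shows the two guarantees the fix needs (O_EXCL so a pre-existing name or link makes creation fail, and 0600 from the moment the file exists) and the mkstemp form that provides both; the name pattern is a constructed stand-in.

```python
import os
import stat
import tempfile


def predictable_tmp_path(prefix):
    """The risky pattern: a name any local user can guess and pre-create as a symlink."""
    return os.path.join(tempfile.gettempdir(), f"{prefix}.{os.getpid()}")


def create_exclusively(path, data):
    """Create `path` only if nothing is there yet.

    O_EXCL makes open() fail with EEXIST if the name already exists (including a
    symlink, dangling or not), and O_NOFOLLOW refuses to traverse a link, so a
    pre-planted link can never redirect this write onto another file.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)  # owner-only from the first instant it exists
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


def create_unpredictable(data, directory=None):
    """The preferred fix: mkstemp picks a random name and applies O_EXCL and 0600 itself."""
    fd, path = tempfile.mkstemp(prefix="label.", dir=directory)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def is_private_regular_file(path):
    """Post-condition a script can assert on its temp file: regular, owner-only, not a link."""
    st = os.lstat(path)
    return stat.S_ISREG(st.st_mode) and (st.st_mode & 0o777) == 0o600
```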

PrestaShop Multiple Unspecified Vulnerabilities
Nov 7, 2008 12:43AM PST

Release Date: 2008-11-07

Critical: Moderately critical
Impact: Unknown

Where: From remote
Solution Status: Vendor Workaround

Software: PrestaShop 1.x

Description:
Some vulnerabilities with unknown impacts have been reported in PrestaShop.

The vulnerabilities are caused due to unspecified errors. No further information is currently available.

The vulnerabilities are reported in versions prior to 1.1 Beta 2 (1.1.0.1).

Solution:
Fixed in version 1.1 Beta 2 (1.1.0.1).

Provided and/or discovered by:
Reported by vendor.

Original Advisory:
http://sourceforge.net/project/shownotes.php?release_id=638105

BlueCat Meridius Email Gateway libspf2 Buffer Overflow Vulne
Nov 7, 2008 12:44AM PST

Release Date: 2008-11-07

Critical: Highly critical
Impact: DoS, System access

Where: From remote
Solution Status: Vendor Patch

OS: BlueCat Meridius Email Gateway

Description:
A vulnerability has been reported in BlueCat Meridius Email Gateway, which can potentially be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the "SPF_dns_resolv_lookup()" function in Spf_dns_resolv.c when processing DNS responses. This can be exploited to cause a heap-based buffer overflow via a specially crafted DNS TXT record.

Solution:
Reportedly, the vendor has provided a patch via the Meridius user interface.

Provided and/or discovered by:
Reported in libspf2 by Dan Kaminsky.

Original Advisory:
US-CERT:
http://www.kb.cert.org/vuls/id/183657
http://www.kb.cert.org/vuls/id/MAPG-7JLQN2
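The report above describes a heap overflow while a resolver copies a crafted TXT record. A TXT record's RDATA is a sequence of length-prefixed character-strings, and the two checks a defender expects are that no length byte reaches past the end of the data and that the joined total is compared against the destination size before anything is copied. The Python parser below is added here and is not libspf2 code and does not reproduce its internals; MAX_TXT_TOTAL is a constructed buffer size.

```python
MAX_TXT_TOTAL = 4096  # constructed: the size of the destination buffer being protected


def parse_txt_rdata(rdata):
    """Split TXT RDATA into its <length byte><bytes> character-strings (RFC 1035 3.3.14),
    refusing any length byte that points past the end of the data."""
    strings, pos = [], 0
    while pos < len(rdata):
        length = rdata[pos]
        pos += 1
        if pos + length > len(rdata):
            raise ValueError(f"length {length} at offset {pos - 1} runs past RDATA end")
        strings.append(bytes(rdata[pos:pos + length]))
        pos += length
    return strings


def join_txt_record(rdata, max_total=MAX_TXT_TOTAL):
    """Concatenate the pieces into one record string, checking the total against the
    destination size before copying; nothing is copied if the record is too large."""
    parts = parse_txt_rdata(rdata)
    total = sum(len(p) for p in parts)
    if total > max_total:
        raise ValueError(f"TXT record is {total} bytes, buffer holds {max_total}")
    return b"".join(parts)


def build_txt_rdata(strings):
    """Encoder used to construct records for testing (each piece at most 255 bytes)."""
    out = bytearray()
    for s in strings:
        if len(s) > 255:
            raise ValueError("character-string longer than 255 bytes")
        out.append(len(s))
        out += s
    return bytes(out)
```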

Critical Updates for Adobe
Nov 7, 2008 1:11AM PST

Friday, November 7, 2008

There is a critical security update available for Adobe Reader 8 and Acrobat 8. Here's the Security Advisory.

SANS Internet Storm Center is reporting that the Adobe Reader vulnerability is being exploited in the wild.

You want to update as soon as possible.

More: http://www.f-secure.com/weblog/

Adobe Reader vulnerability exploited in the wild
Nov 7, 2008 1:17AM PST

Published: 2008-11-07,
Last Updated: 2008-11-07 15:54:09 UTC
by Bojan Zdrnja (Version: 1)


At the time of writing this article, according to VirusTotal 0 (yes, ZERO) AV products detected this malicious PDF. Very, very bad.

The payload is in a JavaScript object embedded in the PDF document. Once extracted, it just contains first level obfuscation with a simple eval(unescape()) call.

Once deobfuscated, parts of the publicly posted PoC are visible, but the attackers also modified certain parts. For example, the PoC defines a long number variable (referenced to the advisory by CORE), as shown below:

More: http://isc.sans.org/

Adobe Reader Exploit Circulating
Nov 7, 2008 6:30AM PST

added November 7, 2008 at 03:19 pm

US-CERT is aware of public reports of active exploitation of a recent Adobe Reader vulnerability. This exploit appears to arrive in the form of a maliciously crafted PDF file and leverages the JavaScript buffer overflow vulnerability addressed in Adobe Security Bulletin APSB08-19. Successful exploitation may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Additionally, the reports indicate that this exploit is currently undetectable by common antivirus applications.

US-CERT encourages users and administrators to do the following to help mitigate the risk:

Review Adobe Security Bulletin APSB08-19 and update to Adobe Reader 9.
Use caution when opening untrusted files.
Install antivirus software and keep the virus signatures up to date.

http://www.us-cert.gov/current/current_activity.html#adobe_reader_exploit_circulating

Miscreants hijacking machines via (freshly patched) Adobe flaw
Nov 7, 2008 6:53AM PST

Is yours next?

By Dan Goodin in San Francisco
7th November 2008

If you haven't updated your Adobe Reader program lately, now would be a good time. Three days after the company rushed out a critical update, miscreants are actively exploiting a security flaw to execute malicious code on vulnerable machines.

The SANS Internet Storm Center says here that researchers have spotted laced PDF files being circulated online. Its discovery comes on the heels of the public release of proof-of-concept code exploiting CVE-2008-2992. According to SANS, none of the 32 top anti-virus programs were detecting the malicious files.

SANS handler Bojan Zdrnja said the PDFs are being spread using drive-by advertisements on sites deemed "suspicious." At the moment, distribution is fairly light, but Zdrnja expects that change soon. Once the rigged PDF is opened, the exploit calls the mshta application in Windows to execute HTA files.

More: http://www.theregister.co.uk/2008/11/07/adobe_reader_exploit/

Adobe eliminates vulnerability in ColdFusion
Nov 7, 2008 1:13AM PST
Only two security updates for upcoming MS patch day
Nov 7, 2008 1:14AM PST

7 November 2008

Microsoft has announced just two security updates for its upcoming patch day on 11 November. The software giant rates a vulnerability in Microsoft XML Core Services 3.0 as critical, since it allows code to be executed remotely. The flaw is also present in XML Core Services 4.0 and 6.0, although this is viewed as less critical. Windows 2000, XP, Server 2003, Vista and Server 2008 are affected.

More: http://www.heise-online.co.uk/security/Only-two-security-updates-for-upcoming-MS-patch-day--/news/111911

Microsoft Releases Advance Notification for November Securit
Nov 7, 2008 1:21AM PST

added November 7, 2008 at 08:35 am

Microsoft has issued a Security Bulletin Advance Notification indicating that its November release cycle will contain two bulletins, one of which will have the severity rating of Critical. The notification states that this Critical bulletin is for Microsoft Windows and Office. There will also be one Important bulletin for Microsoft Windows. Release of these bulletins is scheduled for Tuesday, November 11.

US-CERT will provide additional information as it becomes available.

http://www.us-cert.gov/current/current_activity.html#microsoft_releases_advance_notification_for19

Researchers crack WPA encryption
Nov 7, 2008 1:23AM PST

Pair break code used on half of all wireless traffic

Written by Ian Williams

vnunet.com, 07 Nov 2008

Two researchers have apparently cracked a part of the Wi-Fi Protected Access (WPA) encryption protocol.

Erik Tews and Martin Beck claim to have broken the Temporal Key Integrity Protocol in under 15 minutes. The breakthrough means that data sent from the router to the PC can be scanned, but not the other way around.

Access to this traffic could also enable a hacker to send false information to a client on the network.

More: http://www.vnunet.com/vnunet/news/2230071/researchers-crack-wpa