VULNERABILITIES \ FIXES - October 10, 2008

Oct 10, 2008 1:56AM PDT

FUJITSU Interstage Products Apache Tomcat Security Bypass

Release Date: 2008-10-10

Critical:
Not critical
Impact: Security Bypass

Where: From remote
Solution Status: Unpatched


Software: Interstage Application Server 6.x
Interstage Application Server 7.x
Interstage Application Server 8.x
Interstage Application Server 9.x
Interstage Apworks 6.x
Interstage Apworks 7.x
Interstage Business Application Server 8.x
Interstage Job Workload Server 8.x
Interstage Studio 8.x
Interstage Studio 9.x


Description:
A security issue has been reported in various FUJITSU Interstage products, which potentially can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused due to a synchronisation problem when checking IP addresses and can be exploited to bypass a filter valve that extends "RemoteFilterValve" and potentially gain access to protected contexts.

Solution:
Patches are scheduled for release.

Use a proxy or firewall to protect resources.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
FUJITSU:
http://www.fujitsu.com/global/support...ty/products-f/interstage-200806e.html

JVN:
http://jvn.jp/en/jp/JVN30732239/index.html

Fedora update for condor
Oct 10, 2008 1:57AM PDT

Release Date: 2008-10-10

Critical:
Moderately critical
Impact: Security Bypass
DoS
System access

Where: From remote
Solution Status: Vendor Patch


OS: Fedora 9

Description:
Fedora has issued an update for condor. This fixes some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system, and by malicious people to bypass certain security restrictions.

Solution:
Apply updated packages via the yum utility ("yum update condor").

Original Advisory:
FEDORA-2008-8733:
https://www.redhat.com/archives/fedor...e-announce/2008-October/msg00264.html

Other References:
SA32189:
http://secunia.com/advisories/32189/

Fedora update for postfix
Oct 10, 2008 1:58AM PDT

Release Date: 2008-10-10

Critical:
Less critical
Impact: Exposure of sensitive information
Privilege escalation
DoS

Where: Local system
Solution Status: Vendor Patch


OS: Fedora 8
Fedora 9

Description:
Fedora has issued an update for postfix. This fixes some security issues, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and perform certain actions with escalated privileges.

Solution:
Apply updated packages via the yum utility ("yum update postfix").

Original Advisory:
FEDORA-2008-8595:
https://www.redhat.com/archives/fedor...e-announce/2008-October/msg00271.html

FEDORA-2008-8593:
https://www.redhat.com/archives/fedor...e-announce/2008-October/msg00287.html

Other References:
SA31485:
http://secunia.com/advisories/31485/

SA31716:
http://secunia.com/advisories/31716/

Fedora update for dbus
Oct 10, 2008 1:59AM PDT

Gentoo Portage Insecure Python Module Search Path Security I
Oct 10, 2008 2:01AM PDT

Release Date: 2008-10-10

Critical:
Not critical
Impact: Privilege escalation

Where: Local system
Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has acknowledged a security issue in portage, which can be exploited by malicious, local users to gain escalated privileges.

The security issue is caused due to portage including the current working directory into the module search path. This can be exploited by placing a malicious module into a directory (e.g. "/tmp") and then tricking the administrator into using portage to emerge certain packages (e.g. "sys-apps/portage", "net-mail/fetchmail", or "app-editors/leo") in the same directory.

The security issue is reported in all versions prior to 2.1.4.5.

Solution:
Update to "sys-apps/portage-2.1.4.5" from a trusted working directory.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
GLSA-200810-02:
http://www.gentoo.org/security/en/glsa/glsa-200810-02.xml
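
The check below is an added example, not code from Portage or from the advisory: it scans a Python module search path for entries that resolve against the working directory or point at a world-writable directory, which is the condition the Gentoo advisory describes. The function names and the sample directories are constructed for illustration.

```python
import os
import stat
import sys
import tempfile


def risky_entries(search_path):
    """Return (entry, reason) for entries that let an untrusted directory supply modules."""
    findings = []
    for entry in search_path:
        if not isinstance(entry, str):
            continue
        # "" and any relative entry are resolved against the working directory at
        # import time, so whoever controls that directory controls the import.
        if entry == "" or not os.path.isabs(entry):
            findings.append((entry, "resolves against the current working directory"))
            continue
        try:
            mode = os.stat(entry).st_mode
        except OSError:
            continue  # a missing entry cannot supply a module
        # A directory any local user can write to (e.g. /tmp) is just as unsafe.
        if stat.S_ISDIR(mode) and mode & stat.S_IWOTH:
            findings.append((entry, "world-writable directory"))
    return findings


def hardened_path(search_path):
    """Copy of search_path without the risky entries, original order kept."""
    risky = {entry for entry, _ in risky_entries(search_path)}
    return [entry for entry in search_path if entry not in risky]


def constructed_sample():
    """Constructed search path: two cwd-relative entries, one shared dir, one trusted dir."""
    base = tempfile.mkdtemp()
    shared = os.path.join(base, "shared")    # stands in for /tmp
    trusted = os.path.join(base, "trusted")  # stands in for a root-owned module dir
    os.mkdir(shared)
    os.mkdir(trusted)
    os.chmod(shared, 0o1777)
    os.chmod(trusted, 0o755)
    return ["", "lib", shared, trusted], shared, trusted


if __name__ == "__main__":
    sample, _, _ = constructed_sample()
    for entry, reason in risky_entries(sample):
        print(f"sample   {entry!r}: {reason}")
    for entry, reason in risky_entries(sys.path):
        print(f"sys.path {entry!r}: {reason}")
```

Run as the account that performs package management, from the directory it normally works in, to see which entries of the live `sys.path` would be flagged.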

Sun Java System Web Proxy Server FTP Subsystem Buffer Overfl
Oct 10, 2008 2:02AM PDT

Release Date: 2008-10-10

Critical:
Highly critical
Impact: System access

Where: From remote
Solution Status: Vendor Patch


Software: Sun Java System Web Proxy Server 4.x

Description:
A vulnerability has been reported in Sun Java System Web Proxy Server, which potentially can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an unspecified error in the FTP subsystem and can be exploited to cause a heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions 4.0 through 4.0.7.

Solution:
Update to version 4.0.8 or apply patches.

Provided and/or discovered by:
The vendor credits iDefense.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-242986-1

CUPS Multiple Vulnerabilities
Oct 10, 2008 2:03AM PDT

Release Date: 2008-10-10

Critical:
Moderately critical
Impact: DoS
System access

Where: From local network
Solution Status: Vendor Patch


Software: CUPS 1.x

Description:
Some vulnerabilities have been reported in CUPS, which potentially can be exploited by malicious people to compromise a vulnerable system.

Solution:
Update to version 1.3.9.

Provided and/or discovered by:
1) regenrecht, reported via ZDI
2, 3) regenrecht, reported via iDefense

Changelog:
2008-10-10: Updated CVE reference list.

Original Advisory:
CUPS:
http://www.cups.org/relnotes.php#010123
http://www.cups.org/str.php?L2911
http://www.cups.org/str.php?L2918
http://www.cups.org/str.php?L2919

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-08-067/

Apple Mac OS X Security Update Fixes Multiple Vulnerabilitie
Oct 10, 2008 2:05AM PDT

Release Date: 2008-10-10

Critical:
Moderately critical
Impact: Security Bypass
Cross Site Scripting
Manipulation of data
Exposure of system information
Exposure of sensitive information
Privilege escalation
DoS
System access

Where: From remote
Solution Status: Vendor Patch


OS: Apple Macintosh OS X

Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

Solution:
Apply Apple Security Update 2008-007.
http://www.apple.com/support/downloads/

Provided and/or discovered by:
8) The vendor credits Pelle Johansson
11) The vendor credits Ralf Meyer
3, 7, 9, 10, 12, 15) Reported by the vendor

Original Advisory:
Apple Security Update 2008-007:
http://support.apple.com/kb/HT3216

Other References:
SA25301:
http://secunia.com/advisories/25301/

SA27398:
http://secunia.com/advisories/27398/

SA27981:
http://secunia.com/advisories/27981/

SA28046:
http://secunia.com/advisories/28046/

SA28274:
http://secunia.com/advisories/28274/

SA28419:
http://secunia.com/advisories/28419/

SA28834:
http://secunia.com/advisories/28834/

SA28878:
http://secunia.com/advisories/28878/

SA30134:
http://secunia.com/advisories/30134/

SA30500:
http://secunia.com/advisories/30500/

SA30621:
http://secunia.com/advisories/30621/

SA30731:
http://secunia.com/advisories/30731/

SA31159:
http://secunia.com/advisories/31159/

SA31381:
http://secunia.com/advisories/31381/

SA31592:
http://secunia.com/advisories/31592/

SA31725:
http://secunia.com/advisories/31725/

SA32226:
http://secunia.com/advisories/32226/

Apple Releases Security Update 2008-007
Oct 10, 2008 2:21AM PDT

added October 10, 2008 at 09:44 am

Apple has released Security Update 2008-007 to address multiple vulnerabilities in a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, conduct cross-site request forgery or cross-site scripting attacks, cause a denial-of-service condition, or operate with escalated privileges.

US-CERT encourages users and administrators to review Apple Article HT3216 and apply any necessary updates to help mitigate the risks.


http://www.us-cert.gov/current/current_activity.html#apple_releases_security_update_20082

Apple plugs numerous holes in Tiger and Leopard
Oct 10, 2008 2:29AM PDT

10 October 2008

Apple has released Security Update 2008-007 to close numerous security holes in Mac OS X 10.4 (Tiger) and 10.5 (Leopard). Some of the holes only affect the server versions, including a critical hole in MySQL and ClamAV 0.93.3 and less critical vulnerabilities in the weblog and Tomcat web server functionality. Additional critical holes in PHP 4.4.8, the CUPS print service, ColorSync, libxslt, PSNormalizer, Quicklook and in the vim editor can be found both in the respective client and server versions, some of which could allow attackers to inject and execute arbitrary code into systems.

More: http://www.heise-online.co.uk/security/Apple-plugs-numerous-holes-in-Tiger-and-Leopard--/news/111703

CA ARCserve Backup Multiple Vulnerabilities
Oct 10, 2008 2:06AM PDT

Release Date: 2008-10-10

Critical:
Moderately critical
Impact: DoS
System access

Where: From local network
Solution Status: Vendor Patch


Software: BrightStor ARCserve Backup 11.x (for Windows)
CA ARCserve Backup 12.x
CA Server Protection Suite r2

Description:
Some vulnerabilities have been reported in CA ARCserve Backup, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

Solution:
Apply patches. Please see the vendor's advisory for more information.

Provided and/or discovered by:
The vendor credits:
1) Haifei Li of Fortinet's FortiGuard Global Security Research Team
2, 3) the Vulnerability Research Team of Assurent Secure Technologies
4) Greg Linares of eEye Digital Security

Original Advisory:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143

Re: CA ARCserve Backup Vulnerabilities
Oct 10, 2008 2:22AM PDT

added October 10, 2008 at 10:11 am

CA has released a Security Notice to address multiple vulnerabilities in CA ARCserve Backup. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Security Notice and apply any necessary updates to help mitigate the risks.


http://www.us-cert.gov/current/current_activity.html#ca_arcserve_backup_vulnerabilities1

Critical flaws in ARCserve Backup
Oct 10, 2008 2:31AM PDT

10 October 2008

A number of vulnerabilities have been found in CA ARCserve Backup that would allow an attacker to take control of the system or at least affect its stability. The problem is caused by a directory traversal vulnerability and, according to the security notice by CA, insufficient validation of a number of parameters. The report does not say whether these are classic buffer overflows, although this is likely, as buffer overflow problems have been a regular occurrence with ARCserve in recent months.

More: http://www.heise-online.co.uk/security/Critical-flaws-in-ARCserve-Backup--/news/111704

Ubuntu update for ruby1.8
Oct 10, 2008 2:12AM PDT

Release Date: 2008-10-10

Critical:
Moderately critical
Impact: Security Bypass
Spoofing
DoS

Where: From remote
Solution Status: Vendor Patch


OS: Ubuntu Linux 6.06
Ubuntu Linux 7.04
Ubuntu Linux 7.10
Ubuntu Linux 8.04

Description:
Ubuntu has issued an update for ruby1.8. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and conduct spoofing attacks.

Solution:
Apply updated packages.

Original Advisory:
USN-651-1:
https://lists.ubuntu.com/archives/ubu...ity-announce/2008-October/000759.html

Other References:
SA30924:
http://secunia.com/advisories/30924/

SA31430:
http://secunia.com/advisories/31430/

SA31602:
http://secunia.com/advisories/31602/

ScriptsEz Easy Image Downloader "id" File Disclosure Vulnera
Oct 10, 2008 2:13AM PDT

Release Date: 2008-10-10

Critical:
Moderately critical
Impact: Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: ScriptsEz Easy Image Downloader

Description:
JosS has reported a vulnerability in ScriptsEz Easy Image Downloader, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "id" parameter in main.php (when "action" is set to download) is not properly verified before being used to read files. This can be exploited to disclose arbitrary files from local resources via directory traversal attacks.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
JosS

Original Advisory:
http://milw0rm.com/exploits/6715

DFF PHP Framework API "DFF_config[dir_include]" File Inclusi
Oct 10, 2008 2:14AM PDT

Release Date: 2008-10-10

Critical:
Highly critical
Impact: System access

Where: From remote
Solution Status: Unpatched


Software: DFF PHP Framework API

Description:
Some vulnerabilities have been discovered in DFF PHP Framework API, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "DFF_config[dir_include]" parameter in include/DFF_affiliate_client_API.php, include/DFF_featured_prdt.func.php, include/DFF_mer.func.php, include/DFF_mer_prdt.func.php, include/DFF_paging.func.php, include/DFF_rss.func.php, and include/DFF_sku.func.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

Successful exploitation requires that "register_globals" is enabled.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
Tryag.cc/cc

Original Advisory:
http://milw0rm.com/exploits/6700

Fedora update for ruby
Oct 10, 2008 2:16AM PDT

Release Date: 2008-10-10

Critical:
Moderately critical
Impact: Security Bypass
Spoofing
DoS

Where: From remote
Solution Status: Vendor Patch


OS: Fedora 8
Fedora 9

Description:
Fedora has issued an update for ruby. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and conduct spoofing attacks.

Solution:
Apply updated packages via the yum utility ("yum update ruby").

Original Advisory:
FEDORA-2008-8736:
https://www.redhat.com/archives/fedor...e-announce/2008-October/msg00299.html

FEDORA-2008-8738:
https://www.redhat.com/archives/fedor...e-announce/2008-October/msg00259.html

Other References:
SA31430:
http://secunia.com/advisories/31430/

SA31602:
http://secunia.com/advisories/31602/

Built2go Real Estate Listings "event_id" SQL Injection
Oct 10, 2008 2:17AM PDT

Release Date: 2008-10-10

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Built2go Real Estate Listings 1.x



Description:
d3v1l has reported a vulnerability in Built2go Real Estate Listings, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "event_id" parameter in event_detail.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 1.5. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
d3v1l

Original Advisory:
http://milw0rm.com/exploits/6697

Red Hat update for cups
Oct 10, 2008 2:18AM PDT

Release Date: 2008-10-10

Critical:
Moderately critical
Impact: DoS
System access

Where: From local network
Solution Status: Vendor Patch


OS: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop Workstation (v. 5 client)
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 4

Description:
Red Hat has issued an update for cups. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system.


Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
RHSA-2008-0937:
http://rhn.redhat.com/errata/RHSA-2008-0937.html

Other References:
SA32226:
http://secunia.com/advisories/32226/

Eleven security updates from Microsoft next Patch Tuesday
Oct 10, 2008 2:28AM PDT

10 October 2008

Microsoft will issue eleven security updates next Tuesday to plug at least four critical security holes in Active Directory, Internet Explorer, Excel, and Host Integration Server. A further six updates, classified as "important", are intended to eliminate vulnerabilities in the Windows operating system.

Another update, termed "moderate", is to an information disclosure issue in Office. The Malicious Software Removal tool will also be updated to the latest version. Other patches, not relating to security, will be distributed via Windows Update and Microsoft Update.

More: http://www.heise-online.co.uk/security/Eleven-security-updates-from-Microsoft-next-Patch-Tuesday--/news/111702

Turbo-charged wireless hacks threaten networks
Oct 10, 2008 3:44AM PDT

Graphics cards encryption skulduggery

By John Leyden

Posted in Enterprise Security, 10th October 2008 12:25 GMT


The latest graphics cards have been used to break Wi-Fi encryption far quicker than was previously possible. Some security consultants are already suggesting the development blows Wi-Fi security out of the water and that corporations ought to apply tighter VPN controls, or abandon wireless networks altogether, in response.

Russian firm ElcomSoft has applied GPU acceleration technology to its password recovery tool to allow PCs or servers running supported NVIDIA video cards to break Wi-Fi encryption up to 100 times faster than is possible by using conventional microprocessors. Recovery times for Wi-Fi keys are increased by a factor between 10 to 15 in the use of Elcomsoft Distributed Password Recovery in combination with a regular laptop featuring NVIDIA GeForce 8800M or 9800M series GPUs.

More: http://www.theregister.co.uk/2008/10/10/graphics_card_wireless_hacking/