VULNERABILITIES \ FIXES - October 15, 2008

Oct 15, 2008 12:56AM PDT

BEA WebLogic Server Multiple Authorizers Security Bypass

Release Date: 2008-10-15

Critical:
Moderately critical
Impact: Security Bypass

Where: From remote
Solution Status: Vendor Patch


Software: BEA WebLogic Server 9.x

Description:
A vulnerability has been reported in BEA WebLogic Server, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an unspecified error related to the use of multiple authorizers (e.g. a XACMLAuthorizer and a DefaultAuthorizer), which can be exploited to bypass certain security restrictions.

The vulnerability is reported in Oracle WebLogic Server 9.1.

Solution:
Use the Smart Update tool to install the 9.1 patch for CR334468.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
https://support.bea.com/application_c...portlets/securityadvisories/2802.html

BEA WebLogic Workshop NetUI Pageflow Information Disclosure
Oct 15, 2008 12:57AM PDT

Release Date: 2008-10-15

Critical:
Moderately critical
Impact: Exposure of sensitive information

Where: From remote
Solution Status: Vendor Patch


Software: BEA WebLogic Workshop 8.x

Description:
A vulnerability has been reported in BEA WebLogic Workshop, which can be exploited by malicious people to disclose potentially sensitive information.

The vulnerability is caused due to an unspecified error within NetUI pageflows, which can be exploited to access restricted information.

Solution:
Upgrade to WebLogic Workshop Service Pack 6 or a newer version (9.2 or later).
http://www.oracle.com/technology/software/products/ias/bea_main.html

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
https://support.bea.com/application_c...portlets/securityadvisories/2805.html

BEA WebLogic Workshop NetUI Tags Information Disclosure Vuln
Oct 15, 2008 12:58AM PDT

Release Date: 2008-10-15

Critical:
Moderately critical
Impact: Exposure of sensitive information

Where: From remote
Solution Status: Vendor Patch


Software: BEA WebLogic Workshop 8.x
BEA Workshop for WebLogic 10.x
BEA Workshop for WebLogic 9.x

Description:
A vulnerability has been reported in BEA WebLogic Workshop, which can be exploited by malicious people to disclose potentially sensitive information.

The vulnerability is caused due to an unspecified error within NetUI tags, which can be exploited to access restricted information.

The vulnerability is reported in the following versions:
* Oracle WebLogic Server 10.0 released through Maintenance Pack 1
* Oracle WebLogic Server 9.2 released through Maintenance Pack 3
* Oracle WebLogic Server 9.1
* Oracle WebLogic Server 9.0
* Oracle WebLogic Server 8.1 Service Pack 4 through Service Pack 6

Solution:
Apply patches (see vendor's advisory for details).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
https://support.bea.com/application_c...portlets/securityadvisories/2803.html

BEA WebLogic Server Multiple Vulnerabilities
Oct 15, 2008 12:59AM PDT

Release Date: 2008-10-15

Critical:
Highly critical
Impact: Security Bypass
DoS
System access

Where: From remote
Solution Status: Vendor Patch


Software: BEA WebLogic Server 10.x
BEA WebLogic Server 6.x
BEA WebLogic Server 7.x
BEA WebLogic Server 8.x
BEA WebLogic Server 9.x

Description:
Some vulnerabilities have been reported in BEA WebLogic Server, which can be exploited by malicious users to bypass certain security restrictions, and by malicious people to bypass certain security restrictions and compromise a vulnerable system.

Solution:
Apply the patches (see vendor's advisory for details).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
https://support.bea.com/application_c...portlets/securityadvisories/2806.html
https://support.bea.com/application_c...portlets/securityadvisories/2804.html
https://support.bea.com/application_c...portlets/securityadvisories/2801.html

Oracle Products Multiple Vulnerabilities
Oct 15, 2008 1:01AM PDT

Release Date: 2008-10-15

Critical:
Moderately critical
Impact: Unknown

Where: From remote
Solution Status: Vendor Patch


Software: JD Edwards EnterpriseOne Tools 8.x
Oracle Application Server 10g
Oracle Database 10.x
Oracle Database 11.x
Oracle E-Business Suite 11i
Oracle E-Business Suite 12.x
Oracle PeopleSoft Enterprise Portal Solutions 8.x
Oracle9i Database Enterprise Edition
Oracle9i Database Standard Edition
PeopleSoft PeopleTools 8.x



Description:
Some vulnerabilities with unknown impacts have been reported in various Oracle products.

The vulnerabilities are caused due to unspecified errors. No more information is currently available.

Solution:
Apply patches (see the vendor's advisory).

Provided and/or discovered by:
The vendor credits:
* Esteban Martinez Fayo, Application Security, Inc.
* Pete Finnigan
* Tony Fogarty, DNV
* guyp, Sentrigo
* Jack Kanter, Integrigy
* Joxean Koret
* Alexander Kornbrust, Red Database Security
* Slavik Markovich, Sentrigo
* Amichai Shulman, Imperva, Inc.
* Chris Valasek, IBM Corp.

Original Advisory:
Oracle:
http://www.oracle.com/technology/depl...ritical-patch-updates/cpuoct2008.html

Oracle Releases Critical Patch Update for October 2008
Oct 15, 2008 2:02AM PDT

added October 15, 2008 at 09:14 am

Oracle has released their Critical Patch Update for October 2008 to address 36 vulnerabilities across several products. This update contains the following security fixes:


* 15 updates for Oracle Database Suite
* 6 updates for Oracle Application Server
* 4 updates for Oracle E-Business Suite and Applications
* 5 updates for Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
* 6 updates for BEA Product Suite

US-CERT encourages users and administrators to review the Critical Patch Update for October 2008 and apply any necessary updates.


http://www.us-cert.gov/current/current_activity.html#oracle_releases_critical_patch_update4

Webscene eCommerce "level" SQL Injection Vulnerability
Oct 15, 2008 1:02AM PDT

Release Date: 2008-10-15

Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: Webscene eCommerce

Description:
Angela Chang has reported a vulnerability in Webscene eCommerce, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "level" parameter in productlist.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieval of administrator usernames and passwords.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Angela Chang

Sun Solaris "sadmind" Buffer Overflow Vulnerability
Oct 15, 2008 1:03AM PDT

Release Date: 2008-10-15

Critical:
Moderately critical
Impact: System access

Where: From local network
Solution Status: Unpatched


OS: Sun Solaris 8
Sun Solaris 9

Description:
Adriano Lima has reported a vulnerability in Sun Solaris, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the "adm_build_path()" function in the Solstice AdminSuite distributed system administration daemon ("sadmind"). This can be exploited to cause a stack-based buffer overflow via specially crafted RPC requests.

The vulnerability is reported in Solaris 8 and 9 for both the SPARC and x86 platforms. Other versions may also be affected.

Solution:
Restrict network access to "sadmind" service.

Provided and/or discovered by:
Adriano Lima, RISE Security

Original Advisory:
RISE Security:
http://risesecurity.org/advisories/RISE-2008001.txt

Ubuntu update for lcms
Oct 15, 2008 1:04AM PDT

Release Date: 2008-10-15

Critical:
Moderately critical
Impact: System access

Where: From remote
Solution Status: Vendor Patch


OS: Ubuntu Linux 6.06

Description:
Ubuntu has issued an update for lcms. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
USN-652-1:
https://lists.ubuntu.com/archives/ubu...ity-announce/2008-October/000760.html

Other References:
SA25294:
http://secunia.com/advisories/25294/

Ubuntu update for dbus
Oct 15, 2008 1:06AM PDT

Release Date: 2008-10-15

Critical:
Less critical
Impact: Security Bypass
DoS

Where: Local system
Solution Status: Vendor Patch


OS: Ubuntu Linux 6.06
Ubuntu Linux 7.04
Ubuntu Linux 7.10
Ubuntu Linux 8.04

Description:
Ubuntu has issued an update for dbus. This fixes a weakness and a security issue, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and bypass certain security restrictions.

Solution:
Apply updated packages.

Original Advisory:
USN-653-1:
https://lists.ubuntu.com/archives/ubu...ity-announce/2008-October/000761.html

Other References:
SA29148:
http://secunia.com/advisories/29148/

SA32127:
http://secunia.com/advisories/32127/

Debian update for libxml2
Oct 15, 2008 1:07AM PDT

Release Date: 2008-10-15

Critical:
Moderately critical
Impact: DoS
System access

Where: From remote
Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

Solution:
Apply updated packages.

Original Advisory:
DSA-1654-1:
http://lists.debian.org/debian-security-announce/2008/msg00246.html

Other References:
SA31558:
http://secunia.com/advisories/31558/

Elxis mod_language.php Cross-Site Scripting Vulnerability
Oct 15, 2008 1:08AM PDT

Release Date: 2008-10-15

Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Vendor Patch


Software: Elxis 2008.x

Description:
swappie aka faithlove has discovered a vulnerability in Elxis, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the URL to modules/mod_language.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 2008.1 revision 2204. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
swappie aka faithlove

Original Advisory:
http://packetstorm.linuxsecurity.com/0810-exploits/elxis-xss.txt

Ubuntu update for libexif
Oct 15, 2008 1:10AM PDT

Release Date: 2008-10-15

Critical:
Moderately critical
Impact: DoS
System access

Where: From remote
Solution Status: Vendor Patch


OS: Ubuntu Linux 6.06
Ubuntu Linux 7.04
Ubuntu Linux 7.10

Description:
Ubuntu has issued an update for libexif. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.

Solution:
Apply updated packages.

Original Advisory:
USN-654-1:
https://lists.ubuntu.com/archives/ubu...ity-announce/2008-October/000762.html

Other References:
SA28076:
http://secunia.com/advisories/28076/

Ubuntu update for exiv2
Oct 15, 2008 1:11AM PDT

Release Date: 2008-10-15

Critical:
Moderately critical
Impact: DoS
System access

Where: From remote
Solution Status: Vendor Patch


OS: Ubuntu Linux 7.04
Ubuntu Linux 7.10
Ubuntu Linux 8.04

Description:
Ubuntu has issued an update for exiv2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

Solution:
Apply updated packages.

Original Advisory:
USN-655-1:
https://lists.ubuntu.com/archives/ubu...ity-announce/2008-October/000763.html

Other References:
SA28132:
http://secunia.com/advisories/28132/

SA30519:
http://secunia.com/advisories/30519/

MyPHPDating "id" SQL Injection Vulnerability
Oct 15, 2008 1:12AM PDT

Release Date: 2008-10-15

Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: MyPHPDating 1.x

Description:
Hakxer has reported a vulnerability in MyPHPDating (My PHP Dating), which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in success_story.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieval of administrator passwords.

The vulnerability is reported in version 1.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Hakxer

Original Advisory:
http://milw0rm.com/exploits/6754

VLC Media Player XSPF Processing Memory Corruption Vulnerabi
Oct 15, 2008 1:14AM PDT

Release Date: 2008-10-15

Critical:
Highly critical
Impact: DoS
System access

Where: From remote
Solution Status: Vendor Patch


Software: VLC media player 0.x

Description:
A vulnerability has been reported in VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a signedness error within the "parse_track_node()" function in modules/demux/playlist/xspf.c. This can be exploited to corrupt memory via a specially crafted XSPF file containing a negative "identifier" attribute.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions prior to 0.9.3.

Solution:
Update to version 0.9.3 or later.

Provided and/or discovered by:
Silently fixed by the vendor in version 0.9.3.

Reported as a vulnerability by Francisco Falcon, Core Security Technologies.

Changelog:
2008-10-15: Added CVE reference.

Original Advisory:
Core Security Technologies:
http://www.coresecurity.com/content/vlc-xspf-memory-corruption

WordPress WP Comment Remix Plugin Multiple Vulnerabilities
Oct 15, 2008 1:15AM PDT

Release Date: 2008-10-15

Critical:
Moderately critical
Impact: Cross Site Scripting
Manipulation of data

Where: From remote
Solution Status: Vendor Patch

Description:
g30rg3_x has reported some vulnerabilities in the WP Comment Remix plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery, script insertion, and SQL injection attacks.

The vulnerabilities are reported in all versions prior to 1.4.4.

Solution:
Update to version 1.4.4.

Provided and/or discovered by:
g30rg3_x

Original Advisory:
http://chxsecurity.org/advisories/adv-3-full.txt

Vulnerability in Active Directory Allows Code Execution (MS0
Oct 15, 2008 1:16AM PDT

Vulnerability in Active Directory Allows Code Execution (MS08-060)

15 Oct. 2008

Summary
This security update resolves a privately reported vulnerability in implementations of Active Directory on Microsoft Windows 2000 Server. The vulnerability could allow remote code execution if an attacker gains access to an affected network. This vulnerability only affects Microsoft Windows 2000 servers configured to be domain controllers. If a Microsoft Windows 2000 server has not been promoted to a domain controller, it will not be listening to Lightweight Directory Access Protocol (LDAP) or LDAP over SSL (LDAPS) queries, and will not be exposed to this vulnerability.

This security update is rated Critical for implementations of Active Directory on Microsoft Windows 2000 Server. For more information, see the subsection, Affected and Non-Affected Software, in this section.

Credit:
The information has been provided by Microsoft Product Security.
The original article can be found at: http://www.microsoft.com/technet/security/Bulletin/MS08-060.mspx

http://www.securiteam.com/windowsntfocus/6D00B1FMUI.html

Cumulative Security Update for Internet Explorer (MS08-058)
Oct 15, 2008 1:17AM PDT

15 Oct. 2008

Summary
This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerabilities could allow information disclosure or remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, running on all supported editions of Microsoft Windows 2000, and for Internet Explorer 6 running on all supported editions of Windows XP. For Internet Explorer 7 running on all supported editions of Windows XP and Windows Vista, this security update is rated Important. Otherwise, this security update is rated Moderate or Low. For more information, see the subsection, Affected and Non-Affected Software, in this section.

Credit:
The information has been provided by Microsoft Product Security.
The original article can be found at: http://go.microsoft.com/fwlink/?LinkID=128060

http://www.securiteam.com/windowsntfocus/6E00C1FMUI.html

Vulnerability in Host Integration Server RPC Service Allows
Oct 15, 2008 1:18AM PDT

Vulnerability in Host Integration Server RPC Service Allows Code Execution (MS08-059)

15 Oct. 2008

Summary
This security update resolves a privately reported vulnerability in Microsoft Host Integration Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted Remote Procedure Call (RPC) request to an affected system. Customers who follow best practices and configure the SNA RPC service account to have fewer user rights on the system could be less impacted than customers who configure the SNA RPC service account to have administrative user rights.

This security update is rated Critical for all supported editions of Microsoft Host Integration Server 2000, Microsoft Host Integration Server 2004, and Microsoft Host Integration Server 2006. For more information, see the subsection, Affected and Non-Affected Software, in this section.

Credit:
The information has been provided by iDefense.
The original article can be found at: http://www.microsoft.com/technet/security/Bulletin/MS08-059.mspx

http://www.securiteam.com/windowsntfocus/6G00E1FMUE.html

Sun Java Web Proxy Server FTP Resource Handling Heap-Based B
Oct 15, 2008 1:19AM PDT

Sun Java Web Proxy Server FTP Resource Handling Heap-Based Buffer Overflow

15 Oct. 2008

Summary
Sun Microsystems Inc's Java System is "a collection of server applications bundled together. One such server application included is the Web Proxy Server. This software implements proxy services including HTTP and SOCKSv5". Remote exploitation of a heap based buffer overflow in Sun Microsystems Inc.'s Sun Java Web Proxy could allow an attacker to execute arbitrary code.

Credit:
The information has been provided by iDefense.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=747

http://www.securiteam.com/securitynews/6F00D1FMUY.html

Demand outstrips supply for OpenOffice
Oct 15, 2008 2:04AM PDT

Web site stutters under demand

Written by Iain Thomson in San Francisco

vnunet.com, 15 Oct 2008


Demand for the OpenOffice 3.0 suite has been so high that it has taken down the company's servers.

At time of going to press the OpenOffice.org web site was reduced to a text-only page and direct downloads were impossible. The site does, however, include links to BitTorrent sites where the software can be downloaded.

More: http://www.vnunet.com/vnunet/news/2228229/demand-outstrips-supply

Adobe ships Flash Player 10
Oct 15, 2008 2:30AM PDT

It's aimed at helping designers and developers build interactive content

October 15, 2008 (Computerworld) Adobe Systems Inc. began shipping its Adobe Flash Player 10 browser plug-in Wednesday with new features aimed at helping designers and developers build interactive content and online videos.

This version of Flash, which Adobe launched in a beta version in May, includes support for custom filters and special effects, native 3-D transformation and animation, advanced audio processing and GPU hardware acceleration, Adobe said. It also includes a new text engine aimed at providing designers and developers with more text layout options.

More: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9117183&intsrc=hm_list

Adobe Flash 10 Released
Oct 15, 2008 6:03AM PDT

Published: 2008-10-15,
Last Updated: 2008-10-15 19:21:37 UTC
by Mari Kirby Nichols

Several readers have let us know that the Adobe Flash version 10 was released today. One of the big advantages of the new version seems to be the bug fix with interoperability with Firefox. You can read about it here.

As far as the security features, they discuss this on one of their dev pages. Be sure to take a gander as some of the security changes require action on your part. Adobe says..... "Some of these changes may require existing content to be updated to comply with stricter security rules. Other changes introduce new abilities that were previously unavailable or restricted by security rules."

http://isc.sans.org/