
VULNERABILITIES \ FIXES - October 16, 2007

by Marianna Schmudlach / October 16, 2007 2:03 AM PDT

IrfanView Palette File Importing Buffer Overflow Vulnerability

Secunia Advisory: SA26619
Release Date: 2007-10-16


Critical:
Moderately critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


Software: IrfanView 3.x
IrfanView 4.x

Description:
Secunia Research has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when importing palette (*.pal) files. This can be exploited to cause a stack-based buffer overflow by tricking a user into importing a specially crafted palette (*.pal) file.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 4.00. Other versions may also be affected.

Solution:
Update to version 4.10.
http://www.irfanview.com/main_download_engl.htm

Provided and/or discovered by:
Stefan Cornelius, Secunia Research.

Original Advisory:
Secunia:
http://secunia.com/secunia_research/2007-71/

IrfanView:
http://www.irfanview.com/main_history.htm
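Added example, not code from the original post or from IrfanView: a small C importer for a JASC-style text palette (header line, version line, entry count, then one "R G B" line per entry; the format and the 256-entry buffer are assumptions for illustration) showing the vulnerability class described above. The vulnerable variant lets the entry count read from the file drive writes into a fixed-size stack array; the hardened variant checks that count against the array's capacity before writing anything. The sample palette files are constructed inline.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

#define PAL_MAX_ENTRIES 256   /* capacity of the fixed-size palette buffer (assumed) */

typedef struct { uint8_t r, g, b; } rgb_t;

/* Constructed sample inputs (JASC-style text palette, assumed here for illustration). */
const char *const SAMPLE_PAL_OK =
    "JASC-PAL\n0100\n3\n255 0 0\n0 255 0\n0 0 255\n";
/* Declares far more entries than the importer's buffer can hold. */
const char *const SAMPLE_PAL_OVERSIZED =
    "JASC-PAL\n0100\n100000\n";
/* Well-formed count but an out-of-range colour component. */
const char *const SAMPLE_PAL_BADCOLOUR =
    "JASC-PAL\n0100\n2\n255 0 0\n999 0 0\n";

/* Copies the next line of *p (without '\n') into buf and advances *p.
 * Over-long lines are truncated rather than overflowing buf. Returns 0 at end of input. */
static int next_line(const char **p, char *buf, size_t buflen) {
    if (**p == '\0') return 0;
    const char *nl = strchr(*p, '\n');
    size_t len = nl ? (size_t)(nl - *p) : strlen(*p);
    if (len >= buflen) len = buflen - 1;
    memcpy(buf, *p, len);
    buf[len] = '\0';
    *p = nl ? nl + 1 : *p + strlen(*p);
    return 1;
}

/* Parses the three header lines and returns the declared entry count, or -1. */
static long parse_header(const char **p) {
    char line[64];
    if (!next_line(p, line, sizeof line) || strcmp(line, "JASC-PAL") != 0) return -1;
    if (!next_line(p, line, sizeof line) || strcmp(line, "0100") != 0) return -1;
    if (!next_line(p, line, sizeof line)) return -1;
    char *end;
    long count = strtol(line, &end, 10);
    if (end == line || *end != '\0' || count < 0) return -1;
    return count;
}

/* Reads `count` "R G B" lines into out[0..count-1]. It does NOT know out's capacity. */
static int parse_entries(const char **p, rgb_t *out, long count) {
    char line[64];
    for (long i = 0; i < count; i++) {
        unsigned r, g, b;
        if (!next_line(p, line, sizeof line)) return -1;
        if (sscanf(line, "%u %u %u", &r, &g, &b) != 3 || r > 255 || g > 255 || b > 255) return -1;
        out[i].r = (uint8_t)r; out[i].g = (uint8_t)g; out[i].b = (uint8_t)b;
    }
    return 0;
}

/* VULNERABLE pattern: the count taken from the file drives writes into a
 * fixed-size stack array with no comparison against its capacity. A file
 * declaring more than PAL_MAX_ENTRIES entries (and supplying them) overruns
 * `pal` on the stack. Only call this with trusted input; it exists to show the defect. */
int import_palette_vulnerable(const char *text) {
    rgb_t pal[PAL_MAX_ENTRIES];
    const char *p = text;
    long count = parse_header(&p);
    if (count < 0) return -1;
    if (parse_entries(&p, pal, count) != 0) return -1;   /* no bounds check on count */
    return (int)count;
}

/* HARDENED: the declared count is validated against the buffer before any write. */
int import_palette_safe(const char *text) {
    rgb_t pal[PAL_MAX_ENTRIES];
    const char *p = text;
    long count = parse_header(&p);
    if (count < 0 || count > PAL_MAX_ENTRIES) return -1;  /* the missing boundary check */
    if (parse_entries(&p, pal, count) != 0) return -1;
    return (int)count;
}

int main(void) {
    printf("safe, valid file:      %d entries\n", import_palette_safe(SAMPLE_PAL_OK));
    printf("safe, oversized count: %d (rejected)\n", import_palette_safe(SAMPLE_PAL_OVERSIZED));
    printf("safe, bad colour:      %d (rejected)\n", import_palette_safe(SAMPLE_PAL_BADCOLOUR));
    return 0;
}
```

The rule the hardened importer applies is general: a length or count read from an untrusted file is data, not a bound, until it has been compared with the size of the buffer it will index.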

Mandriva update for util-linux
by Marianna Schmudlach / October 16, 2007 2:05 AM PDT

Secunia Advisory: SA27122
Release Date: 2007-10-16


Critical:
Not critical
Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Patch


OS: Mandriva Linux 2007

Description:
Mandriva has issued an update for util-linux. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

For more information:
SA27145

Solution:
Apply updated packages.

Original Advisory:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066700.html

Other References:
SA27145:
http://secunia.com/advisories/27145/

Sun StorageTek 3510 FC Array FTP Denial of Service
by Marianna Schmudlach / October 16, 2007 2:07 AM PDT

Secunia Advisory: SA27201
Release Date: 2007-10-16


Critical:
Not critical
Impact: DoS

Where: From local network

Solution Status: Vendor Patch


OS: Sun StorageTek 3510 FC Array

Description:
Sun has acknowledged a vulnerability in Sun StorageTek 3510 FC Array, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error within the FTP service, which can be exploited to render the array unresponsive to data services.

Successful exploitation requires that the attacker has access to the management network to which the array's management Ethernet interface is connected.

The vulnerability is reported in firmware versions prior to 4.21.

Solution:
Update to firmware 4.21, delivered in patch 113723-18 or later.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103106-1

Red Hat update for java-1.5.0-bea
by Marianna Schmudlach / October 16, 2007 2:08 AM PDT

Secunia Advisory: SA27203
Release Date: 2007-10-16


Critical:
Highly critical
Impact: Security Bypass
Cross Site Scripting
DoS
System access

Where: From remote

Solution Status: Vendor Patch


Software: Red Hat Enterprise Linux Extras v. 4
RHEL Supplementary (v. 5 server)

Description:
Red Hat has issued an update for java-1.5.0-bea. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, cause a DoS (Denial of Service), or compromise a vulnerable system.

For more information:
SA25283
SA26631

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
https://rhn.redhat.com/errata/RHSA-2007-0956.html

Other References:
SA25283:
http://secunia.com/advisories/25283/

SA26631:
http://secunia.com/advisories/26631/

Mandriva update for kernel
by Marianna Schmudlach / October 16, 2007 2:10 AM PDT

Secunia Advisory: SA27212
Release Date: 2007-10-16


Critical:
Moderately critical
Impact: Security Bypass
Privilege escalation
DoS

Where: From remote

Solution Status: Vendor Patch


OS: Mandriva Linux 2007

Description:
Mandriva has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, cause a DoS (Denial of Service), or gain escalated privileges, and by malicious people to cause a DoS.

For more information:
SA25895
SA25955
SA26322
SA26934

Solution:
Apply updated packages.

Original Advisory:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066702.html

Other References:
SA25895:
http://secunia.com/advisories/25895/

SA25955:
http://secunia.com/advisories/25955/

SA26322:
http://secunia.com/advisories/26322/

SA26934:
http://secunia.com/advisories/26934/

Fedora update for openssl
by Marianna Schmudlach / October 16, 2007 2:11 AM PDT

Secunia Advisory: SA27217
Release Date: 2007-10-16


Critical:
Highly critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Fedora Core 6

Description:
Fedora has issued an update for openssl. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.

For more information:
SA22130
SA25878

Solution:
Apply updated packages.

Original Advisory:
https://www.redhat.com/archives/fedor...e-announce/2007-October/msg00218.html

Other References:
SA22130:
http://secunia.com/advisories/22130/

SA25878:
http://secunia.com/advisories/25878/

eXtremail Multiple Vulnerabilities
by Marianna Schmudlach / October 16, 2007 2:13 AM PDT

Secunia Advisory: SA27220
Release Date: 2007-10-16


Critical:
Highly critical
Impact: DoS
System access

Where: From remote

Solution Status: Unpatched


Software: eXtremail 2.x

Description:
mu-b has reported multiple vulnerabilities in eXtremail, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.

1) An integer underflow error exists within the processing of the POP3 "USER" command. This can be exploited to crash an affected server or potentially execute arbitrary code.

2) A boundary error exists within the processing of "LOGIN" commands sent to the administrative interface. This can be exploited to cause a stack-based buffer overflow by sending an overly long parameter with the affected command.

3) A boundary error exists within the processing of CRAM-MD5 authentication messages. This can be exploited to cause a heap-based buffer overflow.

4) A boundary error exists within the processing of the IMAP "AUTHENTICATE PLAIN" command. This can be exploited to cause a stack-based buffer overflow.

5) A boundary error exists within the processing of network packets. This can be exploited to cause a heap-based buffer overflow by sending specially crafted packets containing zero bytes to the IMAP port.

Successful exploitation of these vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in version 2.1.1. Other versions may also be affected.

Solution:
Restrict network access to the affected server.

Provided and/or discovered by:
mu-b

Original Advisory:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066677.html
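Added example, not eXtremail's code: the integer-underflow pattern behind item 1 above, in C, beside a hardened replacement. A POP3 "USER" handler that computes the argument length as line length minus prefix length in unsigned arithmetic wraps to a huge value when the line is shorter than the prefix; the fixed version checks the prefix before subtracting and bounds the copy by the destination. The command lines and the 64-byte username buffer are constructed assumptions.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define USER_CMD     "USER "
#define MAX_USERNAME 64   /* assumed server-side username buffer */

/* Constructed sample lines as a POP3 client (or an attacker) would send them. */
const char *const LINE_OK    = "USER alice\r\n";
const char *const LINE_SHORT = "USER";        /* shorter than the "USER " prefix */
const char *const LINE_EMPTY = "USER \r\n";
const char *const LINE_LONG  =
    "USER AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\n";

/* VULNERABLE pattern: the argument length is derived by subtracting the prefix
 * length from the line length in unsigned arithmetic, without first checking
 * that the line is at least that long. For "USER" (4 bytes) the result wraps
 * to SIZE_MAX; a following memcpy(name, line + 5, len) would then run off the
 * end of both buffers. Only the length is computed here, so this is safe to call. */
size_t user_arg_len_vulnerable(const char *line) {
    return strlen(line) - strlen(USER_CMD);
}

/* HARDENED: validates the prefix before subtracting, strips CRLF, and bounds
 * the copy by the destination capacity. Returns the username length or -1. */
int pop3_user_safe(const char *line, char *out, size_t outcap) {
    size_t n = strlen(line);
    while (n > 0 && (line[n - 1] == '\r' || line[n - 1] == '\n')) n--;   /* drop CRLF */
    size_t plen = strlen(USER_CMD);
    if (n < plen || strncmp(line, USER_CMD, plen) != 0) return -1;  /* check before subtracting */
    size_t arglen = n - plen;                                       /* cannot underflow now */
    if (arglen == 0 || arglen >= outcap) return -1;                 /* empty, or would not fit */
    memcpy(out, line + plen, arglen);
    out[arglen] = '\0';
    return (int)arglen;
}

/* Convenience wrapper using the server's fixed-size username buffer. */
int pop3_user_accepts(const char *line) {
    char name[MAX_USERNAME];
    return pop3_user_safe(line, name, sizeof name);
}

int main(void) {
    printf("vulnerable length for \"USER\": %zu (wrapped)\n", user_arg_len_vulnerable(LINE_SHORT));
    printf("safe: ok=%d short=%d empty=%d long=%d\n",
           pop3_user_accepts(LINE_OK), pop3_user_accepts(LINE_SHORT),
           pop3_user_accepts(LINE_EMPTY), pop3_user_accepts(LINE_LONG));
    return 0;
}
```

Items 2 to 4 in the advisory are the same mistake in a different form: the length of an attacker-supplied argument is used as a copy length without being compared with the destination, which the `arglen >= outcap` check above covers.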

Fedora update for openssh
by Marianna Schmudlach / October 16, 2007 2:15 AM PDT

Secunia Advisory: SA27235
Release Date: 2007-10-16


Critical:
Not critical
Impact: Manipulation of data

Where: From remote

Solution Status: Vendor Patch


OS: Fedora Core 6

Description:
Fedora has issued an update for openssh. This fixes a vulnerability, which can be exploited by malicious people to inject certain data.

The vulnerability is caused due to an error within the "linux_audit_record_event()" function and can be exploited to inject invalid character sequences into log entries via a specially crafted username.

Solution:
Apply updated packages.

Original Advisory:
https://www.redhat.com/archives/fedor...e-announce/2007-October/msg00214.html
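Added example, not OpenSSH's code: a C routine showing the defence a log writer needs against the injection described above, where a username containing control characters is written into a log record. Bytes that could split or forge a record are rewritten as \xNN before the string reaches the log. The sample username is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed username as an attacker might supply it: the embedded CRLF would
 * start a forged second record in a line-oriented log. */
const char *const USER_WITH_INJECTION = "alice\r\nsshd[1]: Accepted password for root";

/* Writes an escaped copy of `in` to `out`. Bytes that can break a log record
 * (ASCII control characters, DEL, anything >= 0x80) and the backslash itself
 * are rendered as \xNN so the encoding is unambiguous and reversible.
 * Returns the escaped length, or -1 if out is too small. */
int escape_for_log(const char *in, char *out, size_t outcap) {
    static const char hex[] = "0123456789abcdef";
    size_t pos = 0;
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        unsigned char c = *p;
        if (c < 0x20 || c == 0x7f || c >= 0x80 || c == '\\') {
            if (pos + 4 >= outcap) return -1;
            out[pos++] = '\\'; out[pos++] = 'x';
            out[pos++] = hex[c >> 4]; out[pos++] = hex[c & 0x0f];
        } else {
            if (pos + 1 >= outcap) return -1;
            out[pos++] = (char)c;
        }
    }
    out[pos] = '\0';
    return (int)pos;
}

/* Convenience wrapper returning a pointer to a static buffer (not thread-safe); NULL on overflow. */
const char *escape_for_log_static(const char *in) {
    static char buf[512];
    return escape_for_log(in, buf, sizeof buf) < 0 ? NULL : buf;
}

/* Returns 1 if the string contains anything the escaper would rewrite, i.e. it
 * is unsafe to place in a log record as-is. Useful as a detection on the way in. */
int needs_log_escaping(const char *s) {
    for (const unsigned char *p = (const unsigned char *)s; *p; p++)
        if (*p < 0x20 || *p == 0x7f || *p >= 0x80 || *p == '\\') return 1;
    return 0;
}

int main(void) {
    printf("raw:     %s\n", USER_WITH_INJECTION);                          /* prints two lines */
    printf("escaped: %s\n", escape_for_log_static(USER_WITH_INJECTION));   /* prints one line */
    return 0;
}
```

Escaping on output is the fix; rejecting such usernames on input (the `needs_log_escaping` check) is a useful extra, but every path that writes untrusted bytes into a log still needs the encoder, because the audit record is consumed by parsers that trust one record per line.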

WebMod "auth.w" Cross-Site Scripting Vulnerability
by Marianna Schmudlach / October 16, 2007 2:16 AM PDT

Secunia Advisory: SA27245
Release Date: 2007-10-16


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: WebMod 0.x (Half-Life Dedicated Server plugin)

Description:
Nemessis has reported a vulnerability in WebMod, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "redir" parameter in auth.w is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in version 0.48. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Nemessis
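Added example, not WebMod's code: in C, the reflection of a "redir" parameter into a hidden form field, raw beside HTML-encoded. The field layout, the payload and the harmless value are assumptions; the point is that a value reflected inside a double-quoted attribute must at minimum have &, <, >, " and ' encoded before it is written back to the browser.

```c
#include <stdio.h>
#include <string.h>

/* Constructed attacker-controlled value for the reflected parameter. */
const char *const REDIR_PAYLOAD = "\"><script>alert(1)</script>";

/* HTML-escapes `in` into `out` so that it is rendered as literal text in both
 * element body and double-quoted attribute context. Returns the escaped
 * length, or -1 if out is too small. */
int html_escape(const char *in, char *out, size_t outcap) {
    size_t pos = 0;
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        char single[2] = { (char)*p, '\0' };
        const char *rep;
        switch (*p) {
            case '&':  rep = "&amp;";  break;
            case '<':  rep = "&lt;";   break;
            case '>':  rep = "&gt;";   break;
            case '"':  rep = "&quot;"; break;
            case '\'': rep = "&#39;";  break;
            default:   rep = single;   break;
        }
        size_t rl = strlen(rep);
        if (pos + rl >= outcap) return -1;
        memcpy(out + pos, rep, rl);
        pos += rl;
    }
    out[pos] = '\0';
    return (int)pos;
}

/* Builds the hidden form field that carries the redirect target back to the
 * client. With escape == 0 this reproduces the vulnerable pattern (raw
 * reflection); with escape == 1 the value is encoded first. Returns 0 or -1. */
int render_redir_field(const char *redir, int escape, char *out, size_t outcap) {
    char enc[512];
    const char *value = redir;
    if (escape) {
        if (html_escape(redir, enc, sizeof enc) < 0) return -1;
        value = enc;
    }
    int n = snprintf(out, outcap, "<input type=\"hidden\" name=\"redir\" value=\"%s\">", value);
    return (n < 0 || (size_t)n >= outcap) ? -1 : 0;
}

/* Convenience wrapper with a static buffer (not thread-safe); NULL on error. */
const char *render_redir_field_static(const char *redir, int escape) {
    static char buf[1024];
    return render_redir_field(redir, escape, buf, sizeof buf) < 0 ? NULL : buf;
}

int main(void) {
    printf("vulnerable: %s\n", render_redir_field_static(REDIR_PAYLOAD, 0));
    printf("hardened:   %s\n", render_redir_field_static(REDIR_PAYLOAD, 1));
    return 0;
}
```

In the raw rendering the payload's leading `">` closes the attribute and the tag, and the script element that follows is parsed as markup; after encoding the whole value stays inside the attribute as inert text.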

VirtueMart Unspecified PHP Code Execution
by Marianna Schmudlach / October 16, 2007 2:18 AM PDT

Secunia Advisory: SA27250
Release Date: 2007-10-16


Critical:
Moderately critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


Software: VirtueMart 1.x
VirtueMart Joomla! eCommerce Edition 1.x

Description:
A vulnerability has been reported in VirtueMart, which can be exploited by malicious users to compromise a vulnerable system.

Input passed to unspecified parameters is not properly sanitised. This can be exploited to execute arbitrary PHP code.

Successful exploitation requires valid user credentials.

The vulnerability is reported in VirtueMart 1.0.12 and VirtueMart Joomla! eCommerce Edition 1.0.12. Prior versions may also be affected.

Solution:
Update to version 1.0.13.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://virtuemart.net/index.php?optio...mp;task=view&id=260&Itemid=57

doop "page" Local File Inclusion Vulnerability
by Marianna Schmudlach / October 16, 2007 2:19 AM PDT

Secunia Advisory: SA27255
Release Date: 2007-10-16


Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: doop 1.x

Description:
vladii has discovered a vulnerability in doop, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "page" parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

Successful exploitation requires that "magic_quotes_gpc" is disabled.

The vulnerability is confirmed in version 1.3.7. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
vladii

Changelog:
2007-10-16: Added CVE reference.

Original Advisory:
http://milw0rm.com/exploits/4536

PHP File Sharing System "cam" Directory Traversal
by Marianna Schmudlach / October 16, 2007 2:21 AM PDT

Secunia Advisory: SA27257
Release Date: 2007-10-16


Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: PHP File Sharing System 1.x

Description:
Jonas Thambert has discovered a vulnerability in PHP File Sharing System, which can be exploited by malicious people to conduct directory traversal attacks.

Input passed to the "cam" parameter in index.php is not properly sanitised before being used. This can be exploited to list directories, create new directories, and delete files and directories through directory traversal attacks.

The vulnerability is confirmed in version 1.5.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Jonas Thambert

Changelog:
2007-10-15: Added CVE reference.

Original Advisory:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066618.html
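Added example, not doop's or PHP File Sharing System's code: a C routine that confines a user-supplied relative path (the role of the "page" parameter in the doop post above and the "cam" parameter in this one) to a base directory by lexical normalisation, rejecting absolute paths and any ".." that would climb above the base. The base directory and sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define MAX_COMPONENTS 64

/* Joins user_path onto base after lexical normalisation: empty and "." components
 * are dropped, ".." pops the previous component, and any ".." that would climb
 * above base, or an absolute user_path, is rejected. base is an absolute directory
 * such as "/var/www/files". Returns 0 and writes the confined path to out, or -1. */
int confine_path(const char *base, const char *user_path, char *out, size_t outcap) {
    if (user_path[0] == '/') return -1;                  /* absolute paths are never allowed */
    size_t blen = strlen(base);
    while (blen > 1 && base[blen - 1] == '/') blen--;    /* tolerate a trailing slash on base */
    if (blen + 1 >= outcap) return -1;
    memcpy(out, base, blen);
    size_t pos = blen;
    size_t starts[MAX_COMPONENTS];                       /* where each appended component begins */
    size_t depth = 0;
    const char *p = user_path;
    while (*p) {
        const char *sep = strchr(p, '/');
        size_t clen = sep ? (size_t)(sep - p) : strlen(p);
        if (clen == 0 || (clen == 1 && p[0] == '.')) {
            /* "" (from "//") and "." contribute nothing */
        } else if (clen == 2 && p[0] == '.' && p[1] == '.') {
            if (depth == 0) return -1;                   /* would escape base */
            pos = starts[--depth];
        } else {
            if (depth >= MAX_COMPONENTS || pos + 1 + clen >= outcap) return -1;
            starts[depth++] = pos;
            out[pos++] = '/';
            memcpy(out + pos, p, clen);
            pos += clen;
        }
        p = sep ? sep + 1 : p + clen;
    }
    out[pos] = '\0';
    return 0;
}

/* Convenience wrapper with a static buffer (not thread-safe); NULL if rejected. */
const char *confine_path_static(const char *base, const char *user_path) {
    static char buf[1024];
    return confine_path(base, user_path, buf, sizeof buf) < 0 ? NULL : buf;
}

int main(void) {
    const char *base = "/var/www/files";                 /* constructed base directory */
    const char *inputs[] = { "photos/cam1", "a/./b//c", "a/../b", "../../etc/passwd", "/etc/passwd" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        const char *r = confine_path_static(base, inputs[i]);
        printf("%-20s -> %s\n", inputs[i], r ? r : "(rejected)");
    }
    return 0;
}
```

Lexical confinement does not see symlinks, so a file server should still resolve the result (realpath()) and re-check that it starts with the base before listing, creating or deleting anything. If the parameter arrives URL-decoded, compare the decoded byte count with strlen() to catch an embedded NUL: PHP include() attacks of this era relied on a NUL byte to truncate an appended extension, and magic_quotes_gpc escapes that byte, which is the usual reason an advisory such as the doop one requires it disabled.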

DCC SOCKS Denial Of Service Vulnerability
by Marianna Schmudlach / October 16, 2007 2:22 AM PDT

Secunia Advisory: SA27262
Release Date: 2007-10-16


Critical:
Less critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


Software: Distributed Checksum Clearinghouse (DCC) 1.3.x

Description:
A vulnerability has been reported in DCC, which can potentially be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error within the handling of SOCKS streams and can potentially be exploited to crash an affected server.

The vulnerability is reported in version 1.3.65.

Solution:
Update to version 1.3.66.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.rhyolite.com/anti-spam/dcc/CHANGES

Unofficial patch for Windows URI problem
by Marianna Schmudlach / October 16, 2007 2:29 AM PDT

Report of 16.10.2007

It has been more than two months since the critical URI vulnerability in Windows was made public, and Microsoft has yet to release a patch. A growing number of users are using various workarounds in an attempt to patch their systems themselves. The strange behavior of Windows XP with Internet Explorer 7 installed may allow the computer to be infected with malicious software even by simply opening a file. The developers of Firefox and Skype have taken steps to provide their own patches; other applications such as Adobe Reader, Outlook Express/2000, Miranda, and mIRC, however, remain vulnerable.

More: http://www.heise-security.co.uk/news/97462

IBM WebSphere Application Server Unspecified Security Exposure Issue
by Marianna Schmudlach / October 16, 2007 8:27 AM PDT

IBM WebSphere Application Server Unspecified Security Exposure Issue

Advisory ID : FrSIRT/ADV-2007-3506
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-10-16
Technical Description

A vulnerability has been identified in IBM WebSphere Application Server, which could be exploited by attackers to bypass security restrictions. This issue is caused by unspecified security exposure within the Administrative Scripting Tools (e.g. wsadmin or ANT). No further details have been disclosed.

Note : Other unspecified issues have been reported in the Default Messaging and Security components. Only IBM WebSphere Application Server versions 6.0.x are affected.

Affected Products

IBM WebSphere Application Server versions 5.x
IBM WebSphere Application Server versions 6.0.x

Solution

Upgrade to IBM WebSphere Application Server Fix Pack 23 (6.0.2.23) :
http://www.ibm.com/support/docview.wss?rs=180&uid=swg24016326

Upgrade to IBM WebSphere Application Server Cumulative Fix 16 (5.1.1.16) :
http://www.ibm.com/support/docview.wss?rs=180&uid=swg24016174

References

http://www.frsirt.com/english/advisories/2007/3506
http://www-1.ibm.com/support/docview.wss?uid=swg27006876
http://www-1.ibm.com/support/docview.wss?uid=swg27006879

Credits

Vulnerabilities reported by the vendor.

Ruby on Rails Information Disclosure and Session Fixation Vulnerabilities
by Marianna Schmudlach / October 16, 2007 8:30 AM PDT

Ruby on Rails Information Disclosure and Session Fixation Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-3508
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-10-16
Technical Description

Multiple vulnerabilities have been identified in Ruby on Rails, which could be exploited by attackers to bypass security restrictions, disclose sensitive information or cause a denial of service.

The first issue is caused by an error in the XML parser when processing specially crafted requests, which could be exploited by attackers to cause a denial of service or read the contents of arbitrary files on a vulnerable system.

The second vulnerability is caused by an error in the session management functionality that allows users to provide their "session_id" in URLs and cookies, which could be exploited to conduct session fixation attacks and gain unauthorized access.

Affected Products

Ruby on Rails version 1.2.3 and prior

Solution

Upgrade to Ruby on Rails version 1.2.5 :
http://www.rubyonrails.org/down

References

http://www.frsirt.com/english/advisories/2007/3508
http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
http://weblog.rubyonrails.org/2007/10/12/rails-1-2-5-maintenance-release

Credits

Vulnerabilities reported by the vendor.
