VULNERABILITIES \ FIXES - October 16, 2008

Oct 16, 2008 1:47AM PDT

Ubuntu update for cups

Release Date: 2008-10-16

Critical: Moderately critical
Impact: DoS, System access

Where: From local network
Solution Status: Vendor Patch

OS: Ubuntu Linux 6.06, Ubuntu Linux 7.04, Ubuntu Linux 7.10, Ubuntu Linux 8.04

Description:
Ubuntu has issued an update for cups. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system.

NOTE: Packages for Ubuntu 6.06 LTS also fix CVE-2008-1722. The previous packages did not have the fix applied.

Solution:
Apply updated packages.

Original Advisory:
http://www.ubuntu.com/usn/usn-656-1

Other References:
SA30078:
http://secunia.com/advisories/30078/

SA32226:
http://secunia.com/advisories/32226/

AstroSPACES "id" SQL Injection Vulnerability
Oct 16, 2008 1:48AM PDT

Release Date: 2008-10-16

Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information

Where: From remote
Solution Status: Unpatched

Software: AstroSPACES 1.x

Description:
TurkishWarriorr has discovered a vulnerability in AstroSPACES, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in profile.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieval of administrator usernames and password hashes.

The vulnerability is confirmed in version 1.1.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
TurkishWarriorr

Original Advisory:
http://milw0rm.com/exploits/6758

myWebland myStats SQL Injection and Security Bypass
Oct 16, 2008 1:51AM PDT

Release Date: 2008-10-16

Critical: Moderately critical
Impact: Security Bypass, Manipulation of data

Where: From remote
Solution Status: Unpatched

Software: myWebland myStats

Description:
JosS has discovered two vulnerabilities in myWebland myStats, which can be exploited by malicious people to bypass certain security restrictions and conduct SQL injection attacks.

Solution:
Restrict access to hits.php (e.g. with ".htaccess").

Provided and/or discovered by:
JosS

Original Advisory:
http://milw0rm.com/exploits/6759

HP Systems Insight Manager Unspecified Unauthorised Access
Oct 16, 2008 1:52AM PDT

Release Date: 2008-10-16

Critical: Moderately critical
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information

Where: From remote
Solution Status: Vendor Patch

Software: HP Systems Insight Manager 5.x

Description:
A vulnerability has been reported in HP Systems Insight Manager (SIM), which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an unspecified error and can be exploited to gain access to certain data.

The vulnerability is reported in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows in versions prior to 5.2 with Update 2 (C.05.02.02.00).

Solution:
Update to version 5.2 with Update 2 (C.05.02.02.00) or subsequent.
http://www.hp.com/go/softwaredepot/

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
HPSBMA02378 SSRT080035:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01571962

Fedora update for neon
Oct 16, 2008 1:55AM PDT

Release Date: 2008-10-16

Critical: Less critical
Impact: DoS

Where: From remote
Solution Status: Vendor Patch

OS: Fedora 9

Description:
Fedora has issued an update for neon. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply updated packages via the yum utility ("yum update neon").

Original Advisory:
FEDORA-2008-7661:
https://www.redhat.com/archives/fedor...e-announce/2008-October/msg00367.html

Other References:
SA31508:
http://secunia.com/advisories/31508/

Drupal Shindig-Integrator Module Multiple Vulnerabilities
Oct 16, 2008 2:03AM PDT

Release Date: 2008-10-16

Critical: Moderately critical
Impact: Unknown, Security Bypass, Cross Site Scripting

Where: From remote
Solution Status: Unpatched

Software: Shindig-Integrator 5.x (module for Drupal)

Description:
Some vulnerabilities have been reported in the Shindig-Integrator module for Drupal, where some have an unknown impact, and others can be exploited by malicious users to conduct script insertion attacks, and by malicious people to bypass certain security restrictions.

The vulnerabilities are reported in all versions of Shindig-Integrator.

Solution:
Use another product.

Provided and/or discovered by:
The vendor credits Tony Mobily.

Original Advisory:
DRUPAL-SA-2008-066:
http://drupal.org/node/321758

Fedora update for cups
Oct 16, 2008 2:04AM PDT

Release Date: 2008-10-16

Critical: Moderately critical
Impact: DoS, System access

Where: From local network
Solution Status: Vendor Patch

OS: Fedora 8, Fedora 9

Description:
Fedora has issued an update for cups. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.

Solution:
Apply updated packages via the yum utility ("yum update cups").

Original Advisory:
FEDORA-2008-8801:
https://www.redhat.com/archives/fedor...e-announce/2008-October/msg00331.html

FEDORA-2008-8844:
https://www.redhat.com/archives/fedor...e-announce/2008-October/msg00380.html

Other References:
SA32226:
http://secunia.com/advisories/32226/

Fedora update for bluez-utils and bluez-libs
Oct 16, 2008 2:05AM PDT

Release Date: 2008-10-16

Critical: Moderately critical
Impact: DoS, System access

Where: From local network
Solution Status: Vendor Patch

OS: Fedora 8

Description:
Fedora has issued an update for bluez-utils and bluez-libs. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system.

Solution:
Apply updated packages via the yum utility ("yum update bluez-utils bluez-libs").

Original Advisory:
FEDORA-2008-6140:
https://www.redhat.com/archives/fedor...e-announce/2008-October/msg00397.html
https://www.redhat.com/archives/fedor...e-announce/2008-October/msg00396.html

Other References:
SA30957:
http://secunia.com/advisories/30957/

SweetCMS "page" SQL Injection Vulnerability
Oct 16, 2008 2:08AM PDT

Release Date: 2008-10-16

Critical: Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched

Software: SweetCMS 1.x

Description:
Dapirates & underc have reported a vulnerability in SweetCMS, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "page" parameter to index.php is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 1.5.2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Dapirates & underc

Original Advisory:
http://packetstorm.linuxsecurity.com/0810-exploits/sweetcms-sql.txt

Drupal Node Vote Module Vote Again SQL Injection
Oct 16, 2008 2:09AM PDT

Release Date: 2008-10-16

Critical: Less critical
Impact: Manipulation of data, Privilege escalation

Where: From remote
Solution Status: Vendor Patch

Software: Node Vote 5.x (module for Drupal)

Description:
A vulnerability has been reported in the Node Vote module for Drupal, which can be exploited by malicious users to conduct SQL injection attacks.

Input passed as changed votes after having voted on a node earlier is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. getting administrator access, but requires valid user credentials and that the "Allow user to vote again" setting is enabled.

The vulnerability is reported in version 5.x-1.0.

Solution:
Update to version 5.x-1.1.

Provided and/or discovered by:
St

Adobe Flash Player Multiple Security Issues
Oct 16, 2008 2:14AM PDT

Release Date: 2008-10-16

Critical: Less critical
Impact: Security Bypass, Manipulation of data

Where: From remote
Solution Status: Unpatched

Software: Adobe Flash Player 9.x

Description:
Some security issues have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions or manipulate certain data.

Solution:
Upgrade to version 10.0.12.36. An update for the 9.x branch will reportedly be available in early November.

Provided and/or discovered by:
1, 3) Reported by the vendor.
2) The vendor credits fukami of SektionEins.

Original Advisory:
Adobe:
http://www.adobe.com/support/security/bulletins/apsb08-18.html

Other References:
SA28161:
http://secunia.com/advisories/28161/

Telecom Italia Alice Routers Magic Packet Security Bypass
Oct 16, 2008 2:15AM PDT

Release Date: 2008-10-16

Critical: Less critical
Impact: Security Bypass

Where: From local network
Solution Status: Unpatched

OS: Alice Gate 2 Plus, Alice Gate VoIP 2 Plus Wi-Fi, Alice Gate W2+, Alice Gate2 Plus Wi-Fi

Description:
saxdax and drpepperONE have reported a vulnerability in various Telecom Italia Alice routers, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused by the device allowing the Telnet, FTP, TFTP, and web interface services to be enabled by sending a certain magic packet to the router.

The vulnerability is reported in the Telecom Italia Alice Gate 2 Plus, Alice Gate VoIP 2 Plus Wi-Fi, Alice Gate W2+, and Alice Gate2 Plus Wi-Fi routers.

Solution:
Restrict network access to the vulnerable device.

Provided and/or discovered by:
saxdax and drpepperONE

Original Advisory:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-October/065050.html

Adobe Flash CS3 SWF Processing Buffer Overflow Vulnerabiliti
Oct 16, 2008 2:16AM PDT

Release Date: 2008-10-16

Critical: Highly critical
Impact: DoS, System access

Where: From remote
Solution Status: Unpatched

Software: Adobe Flash CS3, Macromedia Flash MX 2004

Description:
Some vulnerabilities have been reported in Adobe Flash CS3, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to boundary errors while processing overly long SWF control parameters. These can be exploited to cause heap-based buffer overflows via specially crafted SWF files.

NOTE: Reportedly, the vulnerabilities do not affect the Mac version of Adobe Flash CS3.

Solution:
Do not open untrusted SWF files.

Reportedly, the vulnerabilities do not affect Adobe Flash CS4.

Provided and/or discovered by:
Paul Craig, Security-Assessment.com.

Original Advisory:
Adobe:
http://www.adobe.com/support/security/advisories/apsa08-09.html

Security-Assessment.com:
http://security-assessment.com/files/...le_Flash_Authoring_Heap_Overflows.pdf

System Requirements Lab ActiveX Control Code Execution Vulne
Oct 16, 2008 2:17AM PDT

Release Date: 2008-10-16

Critical: Highly critical
Impact: System access

Where: From remote
Solution Status: Vendor Patch

Software: System Requirements Lab ActiveX Control

Description:
A vulnerability has been reported in the System Requirements Lab ActiveX control, which can be exploited by malicious people to compromise a user's system.

An error in the System Requirements Lab ActiveX control ("sysreqlab.dll", "sysreqlabsli.dll", or "sysreqlab2.dll") can be exploited to redirect a download of an executable file to a malicious site. This may allow executing arbitrary code with privileges granted to the signed ActiveX control.

Solution:
The vendor has issued a fixed version.

Microsoft has issued a Security Update that sets the kill-bit for one affected ActiveX control.
http://support.microsoft.com/kb/956391

Provided and/or discovered by:
US-CERT credits Andre Protas of eEye Digital Security, who in turn credits Greg Linares.

Original Advisory:
Husdawg:
http://www.systemrequirementslab.com/bulletins/security_bulletin_1.html

US-CERT:
http://www.kb.cert.org/vuls/id/166651

Microsoft:
http://www.microsoft.com/technet/security/advisory/956391.mspx

Drupal Node clone Module Security Bypass
Oct 16, 2008 2:18AM PDT

Release Date: 2008-10-16

Critical: Less critical
Impact: Security Bypass, Exposure of sensitive information

Where: From remote
Solution Status: Vendor Patch

Software: Node clone 5.x (module for Drupal)

Description:
A vulnerability has been reported in the Node clone module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.

The vulnerability is caused due to improper access restriction when cloning nodes. This can be exploited to view nodes without having valid credentials for viewing them.

Successful exploitation requires valid user credentials with the "clone node" permission.

The vulnerability is reported in all 5.x-1.x versions prior to 5.x-1.6 and all 5.x-2.x versions prior to 5.x-2.6.

Solution:
Update to version 5.x-1.6 or 5.x-2.6.

Provided and/or discovered by:
Peter Wolanin, Drupal security team

Original Advisory:
DRUPAL-SA-2008-065:
http://drupal.org/node/321737

Microsoft Visual Basic for Applications Multiple Vulnerabili
Oct 16, 2008 2:19AM PDT

Microsoft Visual Basic for Applications Multiple Vulnerabilities (MS08-057)

16 Oct. 2008

Summary
Microsoft VBA is "an implementation of Microsoft Visual Basic programming language for developing client desktop packaged applications and integrating them with existing data and systems". Several vulnerabilities exist in Microsoft Corp.'s Office Visual Basic for Applications (VBA) which could allow remote exploitation by an attacker. Exploitation could allow the execution of arbitrary code with the privileges of the current user.

Credit:
The information has been provided by iDefense.

http://www.securiteam.com/windowsntfocus/6N00B1PMUW.html

Microsoft Windows AFD.sys Privilege Escalation (Kartoffel Pl
Oct 16, 2008 2:20AM PDT

Microsoft Windows AFD.sys Privilege Escalation (Kartoffel Plugin, Exploit, MS08-066)

16 Oct. 2008

Summary
Kartoffel is an extensible command-line tool developed with the aim of helping developers to test the security and the reliability of a driver. The following exploit code will use Kartoffel to exploit the vulnerability found in Microsoft's Windows operating system's AFD.sys driver.

Credit:
The information has been provided by Ruben Santamarta.
The original article can be found at: http://www.milw0rm.com/exploits/6757

http://www.securiteam.com/exploits/6O00C1PMUE.html

NetBSD 4.01 released
Oct 16, 2008 2:22AM PDT

16 October 2008

NetBSD 4.01 has been released, providing the first security/critical update of the NetBSD project's current major version which was released in December 2007. It brings together all the fixes for security issues and corrections for problems deemed critical by the developers and gives a consolidated release for new installations.

http://www.heise-online.co.uk/security/NetBSD-4-01-released--/news/111732

Adobe patch thwarts clickjacking attack
Oct 16, 2008 2:25AM PDT

Flash, bang, wallop

By John Leyden
16th October 2008

Adobe has published an update to its popular Flash Player software, addressing a much-publicised clickjacking flaw.

Clickjacking affects multiple applications (including browsers and media players) and creates a means for hackers to trick prospective marks into unknowingly clicking on a link or dialogue. Adobe Flash Player - specifically the microphone and camera access dialogue - was among the products affected.

More: http://www.theregister.co.uk/2008/10/16/adobe_update_thwarts_clickjacking/

Adobe Releases Security Bulletin for Flash Player
Oct 16, 2008 5:44AM PDT

added October 16, 2008 at 12:38 pm

Adobe has released a Security Bulletin to address multiple security issues in Flash Player. Some of these issues may allow an attacker to conduct clickjacking types of attacks that could enable the camera or microphone through Flash Player. Additional information about clickjacking attacks can be found in a recently posted Current Activity entry.

US-CERT encourages users and administrators to review the Adobe Security Bulletin and upgrade to Flash Player version 10.0.12.36 to help mitigate the risks.


http://www.us-cert.gov/current/current_activity.html#adobe_releases_security_bulletin_for

Vulnerabilities in Microsoft Excel Allows Code Execution (MS
Oct 16, 2008 5:51AM PDT

Vulnerabilities in Microsoft Excel Allows Code Execution (MS08-057)

16 Oct. 2008

Summary
This security update resolves three privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for all supported editions of Microsoft Office Excel 2000 and rated Important for all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2007, Microsoft Office Compatibility Pack, Microsoft Office Excel Viewer, and Microsoft Office SharePoint Server 2007. For more information, see the subsection, Affected and Non-Affected Software, in this section.

Credit:
The information has been provided by Microsoft Product Security.
The original article can be found at: http://www.microsoft.com/technet/security/bulletin/ms08-057.mspx

http://www.securiteam.com/windowsntfocus/6P00D1PMUE.html