
Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - October 17, 2007

by Marianna Schmudlach / October 17, 2007 1:42 AM PDT

Opera Two Vulnerabilities

Secunia Advisory: SA27277
Release Date: 2007-10-17


Critical: Highly critical
Impact: Cross Site Scripting, System access
Where: From remote
Solution Status: Vendor Patch
Software: Opera 5.x, Opera 6.x, Opera 7.x, Opera 8.x, Opera 9.x

Description:
Two vulnerabilities have been reported in Opera, which can be exploited by malicious people to conduct cross-site scripting attacks and to compromise a user's system.

1) Opera may launch external email or newsgroup clients incorrectly. This can be exploited to execute arbitrary commands by e.g. visiting a malicious website.

Successful exploitation requires that the user has configured an external email or newsgroup client.

2) An error when processing frames from different websites can be exploited to bypass the same-origin policy. This allows overwriting functions of those frames and executing arbitrary HTML and script code in a user's browser session in the context of other sites.

The vulnerabilities are reported in all versions of Opera for Desktop prior to version 9.24.

Secunia has constructed the Online Software Inspector, which you can use to check if your local system is vulnerable. If you wish to scan your corporate network, then please refer to the Network Software Inspector.

Solution:
Update to version 9.24.
http://www.opera.com/download/

Provided and/or discovered by:
1) Michael A. Puls II
2) David Bloom

Original Advisory:
1) http://www.opera.com/support/search/view/866/
2) http://www.opera.com/support/search/view/867/

Avaya Products CUPS "StreamPredictor" Multiple Vulnerabiliti
by Marianna Schmudlach / October 17, 2007 1:43 AM PDT

Secunia Advisory: SA27281
Release Date: 2007-10-17


Critical: Highly critical
Impact: System access
Where: From local network
Solution Status: Unpatched
OS: Avaya Intuity LX, Avaya Message Networking 2.x, Avaya Modular Messaging 2.x, Avaya Modular Messaging 3.x

Description:
Avaya has acknowledged some vulnerabilities in various Avaya products, which can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA26188

The following products and versions are affected:
* Avaya Communication Manager (CM 2.0, CM 2.1, CM 2.2 before load 119.0, and CM 3.0)
* Avaya Intuity LX (all versions)
* Avaya Messaging Storage Server (all versions)
* Avaya Message Networking (all versions)
* Avaya AES (3.1.4)

Solution:
The vendor recommends that local and network access to the affected systems be restricted until an update is available.

Original Advisory:
http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm

Other References:
SA26188:
http://secunia.com/advisories/26188/

Asterisk-Addons "cdr_addon_mysql" SQL Injection Vulnerabilit
by Marianna Schmudlach / October 17, 2007 1:45 AM PDT

Secunia Advisory: SA27278
Release Date: 2007-10-17


Critical: Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Vendor Patch
Software: Asterisk-Addons 1.x

Description:
A vulnerability has been reported in Asterisk-Addons, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the source and destination numbers is not properly sanitised in the "cdr_addon_mysql" module before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in 1.2.x versions prior to 1.2.8 and 1.4.x versions prior to 1.4.4.

Solution:
Update to 1.2.8 or 1.4.4.

Provided and/or discovered by:
The vendor credits Humberto Abdelnur.

Original Advisory:
http://downloads.digium.com/pub/security/AST-2007-023.html

Avaya Products Qt Overlong UTF-8 Sequence Cross-Site Scripti
by Marianna Schmudlach / October 17, 2007 1:46 AM PDT

Avaya Products Qt Overlong UTF-8 Sequence Cross-Site Scripting

Secunia Advisory: SA27275
Release Date: 2007-10-17


Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched
OS: Avaya Modular Messaging 3.x

Description:
Avaya has acknowledged a vulnerability in various Avaya products, which potentially can be exploited to conduct cross-site scripting attacks.

For more information:
SA24727

The vulnerability affects the following products and versions:
* Avaya Messaging Storage Server (3.x)
* Intuity AUDIX LX (2.0)
* Avaya Messaging Networking (3.1)

Solution:
The vendor recommends that local and network access to the affected systems be restricted until an update is available.

Original Advisory:
http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm

Other References:
SA24727:
http://secunia.com/advisories/24727/

Sun Solaris bzip2 Multiple Vulnerabilities
by Marianna Schmudlach / October 17, 2007 1:47 AM PDT

Secunia Advisory: SA27274
Release Date: 2007-10-17


Critical: Less critical
Impact: Privilege escalation, DoS
Where: From remote
Solution Status: Partial Fix
OS: Sun Solaris 10, Sun Solaris 8, Sun Solaris 9

Description:
Sun has acknowledged a vulnerability in Sun Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).

For more information:
SA15447

Additionally, a race condition when setting file permissions has also been acknowledged.

The vulnerabilities are reported in Sun Solaris 8, 9 and 10 for both the x86 and SPARC platforms.

Solution:
Apply patches.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1

Other References:
SA15447:
http://secunia.com/advisories/15447/

Gentoo update for balsa
by Marianna Schmudlach / October 17, 2007 1:49 AM PDT

Secunia Advisory: SA27272
Release Date: 2007-10-17


Critical: Less critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for balsa. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.

For more information:
SA26947

Solution:
Update to:
"mail-client/balsa-2.3.20" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200710-17.xml

Other References:
SA26947:
http://secunia.com/advisories/26947/

artmedic CMS "page" Local File Inclusion
by Marianna Schmudlach / October 17, 2007 1:50 AM PDT

Secunia Advisory: SA27269
Release Date: 2007-10-17


Critical: Moderately critical
Impact: Exposure of system information, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched
Software: artmedic CMS 3.x

Description:
iNs has discovered a vulnerability in artmedic CMS, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "page" parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

The vulnerability is confirmed in version 3.5. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
iNs

Original Advisory:
http://milw0rm.com/exploits/4538

Okul Otomasyon Portal "id" SQL Injection
by Marianna Schmudlach / October 17, 2007 1:51 AM PDT

Secunia Advisory: SA27268
Release Date: 2007-10-17


Critical: Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched
Software: Okul Otomasyon Portal 2.x

Description:
dumenci has reported a vulnerability in Okul Otomasyon Portal, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in default.asp (when "islem" is set to "1") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 2.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
dumenci

Original Advisory:
http://milw0rm.com/exploits/4539

HP Tru64 Internet Express update for Apache Tomcat
by Marianna Schmudlach / October 17, 2007 1:52 AM PDT

Secunia Advisory: SA27267
Release Date: 2007-10-17


Critical: Less critical
Impact: Cross Site Scripting, Exposure of sensitive information
Where: From remote
Solution Status: Vendor Workaround
Software: HP Internet Express 6.x

Description:
HP has issued an update for Apache Tomcat. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information or conduct cross-site scripting attacks.

For more information:
SA26465
SA26466

The vulnerabilities are reported in the following versions:
Tru64 UNIX running Tomcat v5.5.10 (supplied by Internet Express v6.5)
Tru64 UNIX running Tomcat v5.5.17 (supplied by Internet Express v6.6)
Tru64 UNIX running Tomcat v5.5.23 (supplied by Internet Express v6.7)

Solution:
The vendor has released ERPs.
http://www.itrc.hp.com/service/patch/...51B-IX671-TOMCAT5525-SSRT147-20071003

Original Advisory:
HPSBTU02276 SSRT071472:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554

Other References:
SA26465:
http://secunia.com/advisories/26465/

SA26466:
http://secunia.com/advisories/26466/

HP-UX update for OpenSSL
by Marianna Schmudlach / October 17, 2007 1:54 AM PDT

Secunia Advisory: SA27265
Release Date: 2007-10-17


Critical: Not critical
Impact: DoS
Where: Local system
Solution Status: Vendor Patch
OS: HP-UX 11.x

Description:
HP has issued an update for OpenSSL. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error. No further information is currently available.

The vulnerability is reported in HP-UX B.11.11, B.11.23, and B.11.31 running OpenSSL before vA.00.09.07l.

Solution:
Apply patches. Please see vendor advisory for details.

Provided and/or discovered by:
The vendor credits SureRun Security Team.

Original Advisory:
HPSBUX02277 SSRT071453:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01203958

1024 CMS Cross-Site Request Forgery Vulnerability
by Marianna Schmudlach / October 17, 2007 1:55 AM PDT

Secunia Advisory: SA27259
Release Date: 2007-10-17


Critical: Moderately critical
Impact: Hijacking
Where: From remote
Solution Status: Unpatched
Software: 1024 CMS 1.x

Description:
nights shadow has discovered a vulnerability in 1024 CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The vulnerability is caused due to the application allowing users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. create files containing arbitrary PHP code on an affected system by enticing a logged-in administrator to visit a malicious site.

Successful exploitation with a different impact may also be possible via the forum functionality.

The vulnerability is confirmed in version 1.2.5. Other versions may also be affected.

Solution:
Grant only trusted users access to the application and don't browse untrusted sites while being logged on to the application.

Provided and/or discovered by:
nights shadow

Oracle Products Multiple Vulnerabilities
by Marianna Schmudlach / October 17, 2007 1:57 AM PDT

Secunia Advisory: SA27251
Release Date: 2007-10-17


Critical: Moderately critical
Impact: Unknown, Manipulation of data, Exposure of sensitive information, DoS
Where: From remote
Solution Status: Vendor Patch
Software:
* Oracle Application Server 10g
* Oracle Collaboration Suite 10.x
* Oracle Database 10.x
* Oracle E-Business Suite 11i
* Oracle E-Business Suite 12.x
* Oracle Enterprise Manager 10.x
* Oracle PeopleSoft Enterprise Human Capital Management 8.x
* Oracle PeopleSoft Enterprise Human Capital Management 9.x
* Oracle PeopleSoft Enterprise Tools 8.x
* Oracle9i Database Enterprise Edition
* Oracle9i Database Standard Edition

Description:
Multiple vulnerabilities have been reported for various Oracle products. Some have unknown impacts, others can be exploited to disclose sensitive information, conduct SQL injection attacks, or to cause a DoS (Denial of Service).

Details are available for the following vulnerabilities:

1) An input validation error exists within the GIOP service in Oracle TNS Listener when processing connect GIOP packets. This can be exploited to crash the TNS Listener or to disclose potentially sensitive information via a specially crafted packet.

2) Certain input processed by the CTX_DOC package is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code via the THEMES, GIST, TOKENS, FILTER, HIGHLIGHT, and MARKUP procedures.

3) An error in Oracle RDBMS when processing TNS data packets can be exploited to cause high CPU usage via a specially crafted packet sequence.

4) Certain input processed by the LT package is not properly sanitised before being used in SQL queries in the FINDRICSET package. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code via the FINDRICSET procedure.

Successful exploitation of this vulnerability allows an attacker to gain "SYS" privileges.

5) An error in the Oracle XML DB ftp service leads to incorrect "USERID" entries in the audit trail.

Solution:
Apply patches (see the vendor's advisory).

Provided and/or discovered by:
The vendor credits:
* Esteban Martinez Fayo, Application Security, Inc.
* Johannes Greil of SEC Consult
* Joxean Koret via Tipping Point's Zero Day Initiative
* Alexander Kornbrust, Red Database Security GmbH
* David Litchfield, Next Generation Security Software Ltd.

Changelog:
2007-10-17: Added vulnerabilities #1 to #5.

Original Advisory:
Oracle:
http://www.oracle.com/technology/depl...ritical-patch-updates/cpuoct2007.html

Avaya Products Cyrus SASL DIGEST-MD5 Pre-Authentication Deni
by Marianna Schmudlach / October 17, 2007 1:58 AM PDT

Avaya Products Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service

Secunia Advisory: SA27237
Release Date: 2007-10-17


Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Unpatched
OS:
* Avaya Converged Communications Server (CCS) 3.x
* Avaya Intuity LX
* Avaya Message Networking 2.x
* Avaya Modular Messaging 2.x
* Avaya Modular Messaging 3.x
* Avaya SIP Enablement Services (SES) 3.x

Description:
Avaya has acknowledged a vulnerability in various Avaya products, which can be exploited by malicious people to cause a DoS (Denial of Service).

For more information:
SA19618

The vulnerability affects the following products and versions:
* Avaya Communication Manager (CM 2.x, 3.x, 4.x)
* Avaya Intuity LX (all versions)
* Avaya EMMC (all versions)
* Avaya Messaging Storage Server (2.x and 3.x)
* Avaya Message Networking (all versions)
* Avaya CCS/SES (3.1.1 and newer)
* Avaya AES (4.x)

Solution:
The vendor recommends that local and network access to the affected systems be restricted until an update is available.

Original Advisory:
http://support.avaya.com/elmodocs2/security/ASA-2007-426.htm

Other References:
SA19618:
http://secunia.com/advisories/19618/

RunCms newbb_plus Unspecified Vulnerability
by Marianna Schmudlach / October 17, 2007 1:59 AM PDT

Secunia Advisory: SA27230
Release Date: 2007-10-17


Critical: Moderately critical
Impact: Unknown
Where: From remote
Solution Status: Vendor Patch
Software: RunCms 1.x

Description:
A vulnerability with an unknown impact has been reported in RunCms.

The vulnerability is caused due to an unknown error in newbb_plus. No further information is currently available.

The vulnerability is reported in version 1.5.2. Prior versions may also be affected.

Solution:
Update to version 1.5.3.

Provided and/or discovered by:
The vendor credits Irbis.

Original Advisory:
http://www.runcms.org/modules/mydownloads/singlefile_lid_96.html

IrfanView Palette File Importing Client-Side Buffer Overflow
by Marianna Schmudlach / October 17, 2007 4:37 AM PDT

Advisory ID : FrSIRT/ADV-2007-3528
CVE ID : CVE-2007-4343
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-10-17

Technical Description

A vulnerability has been identified in IrfanView, which could be exploited by remote attackers to cause a denial of service or execute arbitrary code. This issue is caused by a buffer overflow error when importing malformed palette (*.pal) files, which could be exploited by attackers to compromise an affected system by tricking a user into importing a specially crafted palette.

Affected Products

IrfanView version 4.00 and prior

Solution

Upgrade to IrfanView version 4.10 :
http://www.irfanview.com/main_download_engl.htm

References

http://www.frsirt.com/english/advisories/2007/3528
http://secunia.com/secunia_research/2007-71/advisoy
http://www.irfanview.com/main_history.htm

Credits

Vulnerability reported by Stefan Cornelius (Secunia Research).

Cisco Releases Security Advisories to Address Several Vulner
by Marianna Schmudlach / October 17, 2007 8:54 AM PDT

Cisco Releases Security Advisories to Address Several Vulnerabilities

added October 17, 2007 at 02:36 pm

Cisco has released four Security Advisories to address several vulnerabilities in its Firewall Services Module, PIX, Adaptive Security Appliance, Unified Communications Manager, and Unified Communications Web-based Management products.

Cisco Security Advisory: Multiple Vulnerabilities in Firewall Services Module addresses three vulnerabilities that may allow an attacker to bypass network access control list entries or cause a denial-of-service condition.

Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and ASA Appliances addresses two vulnerabilities that may allow an attacker to cause a denial-of-service condition.

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities addresses two vulnerabilities that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.

Cisco Security Advisory: Cisco Unified Communications Web-based Management Vulnerability addresses a vulnerability that may allow any Microsoft Windows Active Directory domain defined user to obtain unauthorized privilege levels.

US-CERT strongly encourages administrators to review the above Cisco Security Advisories and follow best-practice security policies to determine what updates and workarounds should be applied.


http://www.us-cert.gov/current/current_activity.html#cisco_releases_security_advisories_to2
