Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - October 18, 2007

by Marianna Schmudlach / October 18, 2007 1:10 AM PDT

Microsoft Visual FoxPro FPOLE.OCX Insecure Method Command Execution

Secunia Advisory: SA27165
Release Date: 2007-10-18


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: Microsoft Visual FoxPro 6.x

Description:
shinnai has reported a vulnerability in Microsoft Visual FoxPro, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to the FPOLE.OCX ActiveX control including the insecure "FoxDoCmd()" method. This can be exploited to e.g. execute arbitrary commands on the system when a user visits a malicious website.

The vulnerability is reported in version 6.0. Other versions may also be affected.

Solution:
Set the kill-bit for the affected ActiveX control.

Provided and/or discovered by:
shinnai

Original Advisory:
http://shinnai.altervista.org/exploits/txt/TXT_14md9AHOoCycrnk9l095.html

Fedora update for tk
by Marianna Schmudlach / October 18, 2007 1:11 AM PDT

Secunia Advisory: SA27182
Release Date: 2007-10-18


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 7

Description:
Fedora has issued an update for tk. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise an application using the library.

For more information:
SA26942

Solution:
Apply updated packages.

Original Advisory:
https://www.redhat.com/archives/fedor...e-announce/2007-October/msg00261.html

Other References:
SA26942:
http://secunia.com/advisories/26942/

Cisco PIX and ASA TLS/MGCP Packet Processing Denial of Service
by Marianna Schmudlach / October 18, 2007 1:13 AM PDT

Secunia Advisory: SA27193
Release Date: 2007-10-18


Critical:
Moderately critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


OS: Cisco Adaptive Security Appliance (ASA) 7.x
Cisco Adaptive Security Appliance (ASA) 8.x
Cisco PIX 7.x
Cisco PIX 8.x

Description:
Cisco has acknowledged some vulnerabilities in Cisco PIX and ASA appliances, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) An unspecified error exists within the handling of Transport Layer Security (TLS) packets. This can be exploited to reload an affected device by sending specially crafted TLS packets.

2) An unspecified error exists within the handling of Media Gateway Control Protocol (MGCP) packets. This can be exploited to reload an affected device by sending specially crafted MGCP packets.

Successful exploitation of this vulnerability requires that the MGCP application layer protocol inspection is enabled (disabled by default).

Solution:
Apply updates (please see the vendor's advisory for details).

PIX:
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix?psrtdcat20e2

ASA:
http://www.cisco.com/pcgi-bin/tablebuild.pl/asa?psrtdcat20e2

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20071017-asa.shtml

Cisco Products Unspecified Unauthorized Access Vulnerability
by Marianna Schmudlach / October 18, 2007 1:15 AM PDT

Secunia Advisory: SA27214
Release Date: 2007-10-18


Critical:
Less critical
Impact: Security Bypass
Manipulation of data
Exposure of sensitive information

Where: From local network

Solution Status: Vendor Patch


Software: Cisco System Unified Contact Center Enterprise (SUCCE) 7.x
Cisco Unified Contact Center Enterprise (formerly IPCC) 7.x
Cisco Unified Contact Center Hosted (formerly IPCC) 7.x
Cisco Unified Intelligent Contact Management Enterprise (ICME) 7.x
Cisco Unified Intelligent Contact Management Hosted (ICMH) 7.x



Description:
A vulnerability has been reported in Cisco products, which can be exploited by malicious users to bypass certain security restrictions, disclose certain sensitive information, and manipulate certain data.

The vulnerability is caused due to an unspecified error and can be exploited by Windows Active Directory users to e.g. view Web View report information for any call center instance or gain access to the Web Admin tool.

The vulnerability is reported in the following products:
* Cisco Unified Intelligent Contact Management Enterprise (Unified ICME)
* Cisco Unified ICM Hosted (Unified ICMH)
* Cisco Unified Contact Center Enterprise (UCCE)
* Cisco Unified Contact Center Hosted (UCCH)
* Cisco System Unified Contact Center Enterprise (SUCCE)

Solution:
Apply updates (see vendor's advisory for details).
http://tools.cisco.com/support/downloads/go/MDFTree.x?butype=cc

Provided and/or discovered by:
Reported by the vendor.

Changelog:
2007-10-18: Added CVE reference.

Original Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20071017-IPCC.shtml

InnovaPortal Multiple Cross-Site Scripting Vulnerabilities
by Marianna Schmudlach / October 18, 2007 1:23 AM PDT

Secunia Advisory: SA27225
Release Date: 2007-10-18


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: InnovaPortal 3.x

Description:
Jose Luis G

Cisco CallManager Authentication Header Hijacking Security Issue
by Marianna Schmudlach / October 18, 2007 1:25 AM PDT

Secunia Advisory: SA27231
Release Date: 2007-10-18


Critical:
Less critical
Impact: Hijacking

Where: From local network

Solution Status: Unpatched


Software: Cisco Unified CallManager 5.x

Description:
A security issue has been reported in Cisco CallManager, which can be exploited by malicious people to hijack user sessions.

The security issue is caused due to the improper processing of SIP messages and can be exploited to make calls from a hijacked account by requesting a URI containing a sniffed authentication header.

The security issue is reported in Cisco CallManager system version 5.1.1.3000-5 and administration version 1.1.0.0-1. Other versions may also be affected.

Solution:
Use Cisco CallManager in a trusted network environment only.

Provided and/or discovered by:
Humberto J. Abdelnur, Radu State, and Olivier Festor

Original Advisory:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066581.html

Nortel Products Multiple Vulnerabilities
by Marianna Schmudlach / October 18, 2007 1:26 AM PDT

Secunia Advisory: SA27234
Release Date: 2007-10-18


Critical:
Less critical
Impact: Exposure of sensitive information
DoS

Where: From local network

Solution Status: Vendor Patch


OS: Nortel Audio Conference Phone 2033
Nortel Business Communications Manager 3.x
Nortel Business Communications Manager 4.x
Nortel Business Communications Manager 50
Nortel Centrex IP Client Manager (CICM)
Nortel Communication Server 1000
Nortel IP Phone 1100 Series
Nortel IP Phone 2000 Series
Nortel Multimedia Communication Server 5100



Software: Nortel IP Softphone 2050
Nortel Mobile Voice Client 2050
Nortel Multimedia Communication Server 5100 3.x
Nortel Multimedia Communication Server 5100 4.x



Description:
Some vulnerabilities have been reported in various Nortel products, which can be exploited by malicious people to cause a DoS (Denial of Service) and to eavesdrop with affected devices.

1) The problem is that it is possible to send spoofed registration messages to the server to which a UNIStim IP phone is connected, forcing the IP phone to re-register. This can be exploited to cause a DoS by continuously sending re-registration messages.

2) The problem is that it is possible to send spoofed "Open Audio Stream" messages to an IP phone. This can be exploited to open an audio channel and eavesdrop with the IP phone.

The vulnerabilities are reported in the following products (see vendor advisory for details):
* BCM 4.0, BCM 3.7, BCM50
* SRG1.0, SRG1.5, SRG50
* CS1000/Meridian1
* IP Audio Conf Phone 2033
* IP Phone 1100 series
* IP Phone 200x
* IP Softphone 2050
* Mobile Voice Client 2050

NOTE: The IPCM used in CS2000 and CS2100 is not affected when the UNIStim security protocol is enabled. The vendor still investigates if MCS5100 and MCS5200 are affected by the vulnerability.

Solution:
Apply patches (see vendor advisory for details).
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022872-01.pdf
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022870-01.pdf

Provided and/or discovered by:
Daniel Stirnimann and Cyrill Brunschwiler, Compass Security Network Computing AG.

Original Advisory:
Nortel:
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654641
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654714

Compass Security Network Computing AG:
http://www.csnc.ch/static/advisory/cs...one_forced_re-authentication_v1.0.txt
http://www.csnc.ch/static/advisory/cs...l_IP_phone_surveillance_mode_v1.0.txt

Cisco FWSM HTTPS/MGCP Packet Processing Denial of Service
by Marianna Schmudlach / October 18, 2007 1:27 AM PDT

Secunia Advisory: SA27236
Release Date: 2007-10-18


Critical:
Moderately critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


Software: Cisco Firewall Services Module (FWSM) 3.x



Description:
Cisco has acknowledged some vulnerabilities in Cisco Firewall Services Module (FWSM), which can be exploited by malicious people to cause a DoS (Denial of Service).

1) An unspecified error exists within the handling of HTTPS packets. This can be exploited to reboot an affected FWSM by sending specially crafted HTTPS packets.

Successful exploitation requires that the HTTPS server is enabled (disabled by default).

The vulnerability is reported in versions 3.1 and 3.2.

2) An unspecified error exists within the handling of Media Gateway Control Protocol (MGCP) packets. This can be exploited to reboot the FWSM by sending specially crafted MGCP packets.

Successful exploitation requires that the MGCP application layer protocol inspection is enabled (disabled by default).

The vulnerability is reported in version 3.1.

NOTE: An error when loading manipulated ACLs (Access Control Lists) is also reported.

Solution:
Update to a fixed version (please see vendor's advisory for details).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20071017-fwsm.shtml

Netgear SSL312 "err" Cross-Site Scripting Vulnerability
by Marianna Schmudlach / October 18, 2007 1:29 AM PDT

Secunia Advisory: SA27238
Release Date: 2007-10-18


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


OS: Netgear SSL312

Description:
SkyOut has reported a vulnerability in Netgear SSL312, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "err" parameter in e.g. cgi-bin/welcome/XYZ is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Solution:
Filter malicious characters and character sequences in a web proxy.

Do not follow untrusted links.

Provided and/or discovered by:
SkyOut

Original Advisory:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066633.html

phpMyAdmin "server_status.php" Cross-Site Scripting
by Marianna Schmudlach / October 18, 2007 1:30 AM PDT

Secunia Advisory: SA27246
Release Date: 2007-10-18


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: phpMyAdmin 2.x

Description:
Omer Singer has discovered a vulnerability in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed in the URL to server_status.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation requires that the target user has valid user credentials.

NOTE: Some other potential cross-site scripting problems have also been fixed by the vendor.

The vulnerability is confirmed in version 2.11.1.1. Prior versions may also be affected.

Solution:
Update to version 2.11.1.2.

Provided and/or discovered by:
Omer Singer, The DigiTrust Group

Original Advisory:
PMASA-2007-6:
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-6

DigiTrust:
http://www.digitrustgroup.com/advisories/TDG-advisory071015a.html

Nortel IP Softphone 2050 Buffer Overflow Vulnerability
by Marianna Schmudlach / October 18, 2007 1:31 AM PDT

Secunia Advisory: SA27252
Release Date: 2007-10-18


Critical:
Moderately critical
Impact: DoS
System access

Where: From local network

Solution Status: Unpatched


Software: Nortel IP Softphone 2050

Description:
A vulnerability has been reported in Nortel IP Softphone 2050, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system.

The vulnerability is caused due to boundary errors when processing invalid packets sent to the RTCP port. This can be exploited to cause a buffer overflow and crash the application via specially crafted packets.

Successful exploitation may allow execution of arbitrary code.

Solution:
Use only in a trusted network environment.

NOTE: The vendor is still investigating the vulnerability.

Provided and/or discovered by:
Daniel Stirnimann and Cyrill Brunschwiler, Compass Security Network Computing AG

Original Advisory:
Nortel:
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=655203

Compass Security Network Computing AG:
http://www.csnc.ch/static/advisory/cs...IP_softphone_buffer-overflow_v1.0.txt

SUSE update for Sun Java
by Marianna Schmudlach / October 18, 2007 1:32 AM PDT

Secunia Advisory: SA27261
Release Date: 2007-10-18


Critical:
Highly critical
Impact: Security Bypass
Manipulation of data
Exposure of system information
Exposure of sensitive information
System access

Where: From remote

Solution Status: Vendor Patch


OS: openSUSE 10.2
openSUSE 10.3
SUSE Linux 10
SUSE Linux 10.1
SuSE Linux Desktop 1.x
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Server 9



Software: Novell Open Enterprise Server

Description:
SUSE has issued an update for Sun Java. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, manipulate data, disclose sensitive/system information, or potentially compromise a vulnerable system.

For more information:
SA27009

Solution:
Apply updated packages.

Original Advisory:
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00004.html

Other References:
SA27009:
http://secunia.com/advisories/27009/

mnoGoSearch Default Template "t" Cross-Site Scripting
by Marianna Schmudlach / October 18, 2007 1:34 AM PDT

Secunia Advisory: SA27263
Release Date: 2007-10-18


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: mnoGoSearch 3.x

Description:
A vulnerability has been reported in mnoGoSearch, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "t" parameter in the default template search.htm-dist is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in versions prior to 3.2.43.

Solution:
Update to version 3.2.43.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.mnogosearch.org/doc/msearch-changelog.html

Simple PHP Blog Cross-Site Request Forgery
by Marianna Schmudlach / October 18, 2007 1:35 AM PDT

Secunia Advisory: SA27264
Release Date: 2007-10-18


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: Simple PHP Blog 0.x

Description:
Demential has discovered a vulnerability in Simple PHP Blog, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The vulnerability is caused due to the application allowing users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. delete blocks or links by posting comments with malicious image links and enticing a logged-in administrator to view the comments.

Successful exploitation requires that "" has been switched on in "Tags to Allow in Comments" in setup.php.

The vulnerability is confirmed in version 0.5.1. Other versions may also be affected.

Solution:
Do not browse untrusted websites or visit comments while logged on to the application. Switch off the "" tag in setup.php.

Provided and/or discovered by:
Demential

Nortel CS1000 Denial of Service Vulnerability
by Marianna Schmudlach / October 18, 2007 1:36 AM PDT

Secunia Advisory: SA27282
Release Date: 2007-10-18


Critical:
Less critical
Impact: DoS

Where: From local network

Solution Status: Vendor Workaround


OS: Nortel Communication Server 1000

Description:
A vulnerability has been reported in Nortel CS1000, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error within the processing of packets received through certain ELAN (Embedded LAN) ports, e.g. 7734/TCP, 15000/TCP, 15080/TCP, and 15000/UDP. This can potentially be exploited to disable the affected server by flooding specific ELAN ports.

The vulnerability is reported in the following products:
* Enterprise VoIP-Core-CS 1000M Chassis/Cabinet
* Enterprise VoIP-Core-CS 1000E and 1000S
* Meridian-Core-Option 11C - Chassis/Cabinet
* Meridian-Core-Option 51C, 61C, and 81C

Solution:
The vendor recommends that customers restrict direct access to the ELAN from unknown devices.

Provided and/or discovered by:
Daniel Stirnimann and Cyrill Brunschwiler, Compass Security Network Computing AG.

Miranda Multiple Buffer Overflow Vulnerabilities
by Marianna Schmudlach / October 18, 2007 1:37 AM PDT

Secunia Advisory: SA27287
Release Date: 2007-10-18


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


Software: Miranda IM 0.x

Description:
Some vulnerabilities have been reported in Miranda, which potentially can be exploited by malicious people to compromise a vulnerable system.

The vulnerabilities are caused due to boundary errors within the ICQ, IRC, Jabber and Yahoo instant messaging components and can be exploited to cause buffer overflows.

Successful exploitation may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 0.7.1.

Solution:
Update to version 0.7.1.
http://sourceforge.net/project/showfi...ckage_id=100076&release_id=547866

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sourceforge.net/project/showno...?group_id=94142&release_id=547866

LimeSurvey "rootdir" File Inclusion Vulnerability
by Marianna Schmudlach / October 18, 2007 1:38 AM PDT

Secunia Advisory: SA27288
Release Date: 2007-10-18


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


Software: LimeSurvey 1.x

Description:
S.W.A.T. has discovered a vulnerability in LimeSurvey, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "rootdir" parameter in classes/core/language.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability is confirmed in version 1.52+ 20071016.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
S.W.A.T.

Original Advisory:
http://milw0rm.com/exploits/4544

Drupal Web Links Module Cross-Site Scripting
by Marianna Schmudlach / October 18, 2007 1:40 AM PDT

Secunia Advisory: SA27289
Release Date: 2007-10-18


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: Web Links 5.x (module for Drupal)


Description:
Brandon Bergren has reported a vulnerability in the Web Links module for Drupal, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to unspecified parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in the 5.x branch before 5.x-1.8.

Solution:
Update to version 5.x-1.8.

Provided and/or discovered by:
Brandon Bergren a.k.a. Bdragon

Original Advisory:
http://drupal.org/node/184323

Drupal Code Execution and Cross-Site Request Forgery
by Marianna Schmudlach / October 18, 2007 1:41 AM PDT

Secunia Advisory: SA27290
Release Date: 2007-10-18


Critical:
Less critical
Impact: Cross Site Scripting
System access

Where: From remote

Solution Status: Vendor Patch


Software: Drupal 5.x

Description:
Some vulnerabilities have been reported in Drupal, which can be exploited by malicious people to conduct cross-site request forgery attacks and to compromise a vulnerable system.

1) Input passed to unspecified parameters in install.php is not properly sanitised. This can be exploited to execute arbitrary code.

Successful exploitation of this vulnerability requires that the configured SQL server is not reachable.

2) A vulnerability is caused due to the application allowing users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to delete users by enticing a logged-in administrator to visit a malicious site.

The vulnerabilities are reported in the 5.x branch before 5.3.

Solution:
Update to version 5.3.

Provided and/or discovered by:
1) Mark Fallon and Wolfgang Ziegler
2) Stefan Esser and Mayflower GmbH

Original Advisory:
1) http://drupal.org/node/184316
2) http://drupal.org/node/184348

Drupal Multiple Vulnerabilities
by Marianna Schmudlach / October 18, 2007 1:42 AM PDT

Secunia Advisory: SA27292
Release Date: 2007-10-18


Critical:
Less critical
Impact: Security Bypass
Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: Drupal 4.x
Drupal 5.x

Description:
Some vulnerabilities have been reported in Drupal, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions, and by malicious users to conduct HTTP response splitting attacks.

1) Input passed to unspecified parameters is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which are included in a response sent to the user. This allows arbitrary HTML and script code to be executed in a user's browser session in context of an affected site.

Successful exploitation of this vulnerability requires valid user credentials.

2) The Upload module includes the ".html" file extension in its default whitelist for file uploads. This can be exploited to upload arbitrary HTML files and entice users to visit them, thereby executing arbitrary HTML and script code in a user's browser session in context of an affected site.

3) The hook_components API operation does not pass the publication status. This makes it possible for modules including Organic groups and Subscriptions to send e-mail messages containing unpublished comments.

The vulnerabilities are reported in the 4.7.x branch before 4.7.8 and in the 5.x branch before 5.3.

Solution:
Update to version 4.7.8 or 5.3. Reconfigure the Upload module to disallow ".html" file uploads.

Provided and/or discovered by:
Drupal security team

Original Advisory:
1) http://drupal.org/node/184315
2) http://drupal.org/node/184320
3) http://drupal.org/node/184354

vbDrupal Multiple Vulnerabilities
by Marianna Schmudlach / October 18, 2007 1:43 AM PDT

Secunia Advisory: SA27293
Release Date: 2007-10-18


Critical:
Less critical
Impact: Security Bypass
Cross Site Scripting
System access

Where: From remote

Solution Status: Vendor Patch


Software: vbDrupal 4.x
vbDrupal 5.x

Description:
Some vulnerabilities have been reported in vbDrupal, which can be exploited by malicious users to conduct HTTP response splitting attacks, and by malicious people to conduct cross-site scripting and cross-site request forgery attacks, bypass certain security restrictions, and compromise a vulnerable system.

For more information:
SA27290
SA27292

The vulnerabilities are reported in versions prior to 5.3.0.

Solution:
Update to version 5.3.0. Reconfigure the Upload module to disallow ".html" file uploads.

Original Advisory:
http://sourceforge.net/project/shownotes.php?release_id=547880

Other References:
SA27290:
http://secunia.com/advisories/27290/

SA27292:
http://secunia.com/advisories/27292/

Cisco Unified Communications Manager Two Vulnerabilities
by Marianna Schmudlach / October 18, 2007 1:45 AM PDT

Secunia Advisory: SA27296
Release Date: 2007-10-18


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


Software: Cisco Unified Communications Manager 5.x



Description:
Two vulnerabilities have been reported in Cisco Unified Communications Manager (CUCM), which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

1) A boundary error in the Centralized TFTP File Locator Service of CUCM TFTP when processing filenames can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

2) An error when processing SIP INVITE messages can be exploited to cause a resource exhaustion by e.g. flooding a CUCM system with SIP INVITE messages to default port 5060/UDP.

Please see the vendor's advisory for a list of affected versions.

Solution:
Update to the latest versions (see vendor's advisory).

Provided and/or discovered by:
Reported by the vendor.

Changelog:
2007-10-18: Added CVE reference.

Original Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20071017-cucm.shtml

Microsoft WM5 PocketPC Phone Ed SMS Handler Issue
by Marianna Schmudlach / October 18, 2007 1:55 AM PDT

Summary
Microsoft Windows Mobile 6 is the latest version of Microsoft's mobile operating system. Designed for small embedded devices, Windows Mobile is the CE feature set designed for PDAs and mobile telephones. Microsoft Windows Mobile comes in three distinct flavors: Pocket PC, Pocket PC Phone Edition and SmartPhone.

A vulnerability has been discovered in the SMS handler on Windows Mobile 2005 Pocket PC Phone edition which means the sender of the original SMS message can be masked from the recipient when sent a specifically crafted WAP PUSH message.

Credit:
The information has been provided by Ollie Whitehouse.
The original article can be found at: http://www.securityfocus.com/bid/26019


More: http://www.securiteam.com/windowsntfocus/6O00D2AK0I.html

Microsoft Windows XP/2003 Macrovision SecDrv.sys Privilege Escalation
by Marianna Schmudlach / October 18, 2007 1:56 AM PDT

Summary
Symantec researcher Elia Florip has warned, at the company's weblog, of a 0day attack in Windows XP and 2003 that allows unprivileged users to gain SYSTEM privileges via a buggy driver installed by default. The following advisory sheds light on the issue and reveals where the problem is.

Credit:
The information has been provided by Reversemode.
The original article can be found at: http://www.reversemode.com/index.php?option=com_mamblog&Itemid=15&task=show&action=view&id=43&Itemid=15

More: http://www.securiteam.com/windowsntfocus/6P00E2AK0E.html
