VULNERABILITIES \ FIXES - October 21, 2008

Oct 21, 2008 1:41AM PDT

TYPO3 simplesurvey Extension SQL Injection Vulnerability

Release Date: 2008-10-21

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Vendor Patch


Software: Simple survey (simplesurvey) Extension for TYPO3 1.x

Description:
A vulnerability has been reported in the Simple survey (simplesurvey) extension for TYPO3, which can be exploited by malicious people to conduct SQL injection attacks.

Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 1.7.0 and prior.

Solution:
Update to version 1.7.1 or later.
http://typo3.org/extensions/repository/view/simplesurvey/1.8.1/

Provided and/or discovered by:
The vendor credits Andreas Bouch

Fedora update for jhead
Oct 21, 2008 1:42AM PDT

Release Date: 2008-10-21

Critical:
Less critical
Impact: Privilege escalation

Where: Local system
Solution Status: Vendor Patch


OS: Fedora 8
Fedora 9

Description:
Fedora has issued an update for jhead. This fixes a security issue, which potentially can be exploited by malicious, local users to gain escalated privileges.

For more information:
SA32340

Solution:
Apply updated packages via the yum utility ("yum update jhead").

Original Advisory:
FEDORA-2008-8941:
https://www.redhat.com/archives/fedor...e-announce/2008-October/msg00531.html

FEDORA-2008-8928:
https://www.redhat.com/archives/fedor...e-announce/2008-October/msg00511.html

Other References:
SA32340:
http://secunia.com/advisories/32340/

SUSE update for kernel
Oct 21, 2008 1:43AM PDT

Release Date: 2008-10-21

Critical:
Not critical
Impact: Privilege escalation
DoS

Where: Local system
Solution Status: Vendor Patch


OS: SUSE Linux Enterprise Server 10

Description:
SUSE has issued an update for the kernel. This fixes a security issue and a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges.

Solution:
Apply updated packages.

Original Advisory:
SUSE-SA:2008:051:
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html

Other References:
SA25895:
http://secunia.com/advisories/25895/

SA31826:
http://secunia.com/advisories/31826/

Wireshark Multiple Denial of Service Vulnerabilities
Oct 21, 2008 1:44AM PDT

Release Date: 2008-10-21

Critical:
Moderately critical
Impact: DoS

Where: From remote
Solution Status: Vendor Patch


Software: Wireshark (formerly Ethereal) 0.x
Wireshark 1.x

Description:
Some vulnerabilities and a weakness have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service).


Solution:
Update to version 1.0.4.
http://www.wireshark.org/download.html

Provided and/or discovered by:
1) The vendor credits Florent Drouin and David Maciejak
2) Reported in a bug by Mike Davies
3) Reported in the USB dissector by David Maciejak. Similar issue in the Bluetooth RFCOMM dissector reported by the vendor.

Original Advisory:
http://www.wireshark.org/security/wnpa-sec-2008-06.html

F-Secure Products RPM Parsing Integer Overflow Vulnerability
Oct 21, 2008 1:46AM PDT

Release Date: 2008-10-21

Critical:
Highly critical
Impact: DoS
System access

Where: From remote
Solution Status: Vendor Patch


OS: F-Secure Messaging Security Gateway P-Series
F-Secure Messaging Security Gateway X-Series



Software: F-Secure Anti-Virus 2006
F-Secure Anti-Virus 2007
F-Secure Anti-Virus 2008
F-Secure Anti-Virus for Citrix Servers 5.x
F-Secure Anti-Virus for Citrix Servers 7.x
F-Secure Anti-Virus for Linux 4.x
F-Secure Anti-Virus for Linux Gateways 4.x
F-Secure Anti-Virus for Microsoft Exchange 6.x
F-Secure Anti-Virus for Microsoft Exchange 7.x
F-Secure Anti-Virus for MIMEsweeper 5.x
F-Secure Anti-Virus for Windows Servers 7.x
F-Secure Anti-Virus for Windows Servers 8.x
F-Secure Anti-Virus for Workstations 5.x
F-Secure Anti-Virus for Workstations 7.x
F-Secure Anti-Virus Linux Client Security 5.x
F-Secure Anti-Virus Linux Server Security 5.x
F-Secure Client Security 7.x
F-Secure Home Server Security 2009
F-Secure Internet Gatekeeper 6.x
F-Secure Internet Gatekeeper for Linux 2.x
F-Secure Internet Security 2006
F-Secure Internet Security 2007
F-Secure Internet Security 2008
F-Secure Linux Security 7.x

Description:
A vulnerability has been reported in various F-Secure products, which potentially can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an integer overflow error when parsing RPM files. This can be exploited to cause a buffer overflow via a specially crafted RPM file.

Successful exploitation may allow execution of arbitrary code, but requires that the application is configured to scan inside compressed archives.

Solution:
Apply patches (please see the vendor's advisory for details).

Provided and/or discovered by:
The vendor credits Tamas Feher.

Original Advisory:
FSC-2008-3:
http://www.f-secure.com/security/fsc-2008-3.shtml

XOOPS Makale Module "id" SQL Injection Vulnerability
Oct 21, 2008 1:47AM PDT

Release Date: 2008-10-21

Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: Makale 0.x (module for XOOPS)

Description:
EcHoLL has discovered a vulnerability in the Makale module for XOOPS, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in makale.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieval of administrator usernames and password hashes, but requires knowledge of the database table prefix.

The vulnerability is confirmed in version 0.26. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
EcHoLL

Original Advisory:
http://milw0rm.com/exploits/6795

TYPO3 dmmjobcontrol Extension SQL Injection Vulnerability
Oct 21, 2008 1:48AM PDT

Release Date: 2008-10-21

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Vendor Patch


Software: JobControl (dmmjobcontrol) Extension for TYPO3 1.x



Description:
A vulnerability has been reported in the JobControl (dmmjobcontrol) extension for TYPO3, which can be exploited by malicious people to conduct SQL injection attacks.

Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 1.15.4 and prior.

Solution:
Update to version 1.15.5.
http://typo3.org/extensions/repository/view/dmmjobcontrol/1.15.5/

Provided and/or discovered by:
The vendor credits Max Beutel.

Original Advisory:
http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/

JHead "DoCommand()" Buffer Overflow Security Issue
Oct 21, 2008 1:50AM PDT

Release Date: 2008-10-21

Critical:
Less critical
Impact: Privilege escalation

Where: Local system
Solution Status: Vendor Patch


Software: JHead 2.x

Description:
A security issue has been reported in JHead, which potentially can be exploited by malicious, local users to gain escalated privileges.

The security issue is caused due to a boundary error within the "DoCommand()" function in jhead.c. This can be exploited to cause a stack-based buffer overflow by tricking a user into using the "-cmd" argument to process a file having an overly long filename.

NOTE: Other similar security issues are reportedly also present.

This security issue is reported in versions prior to 2.84.

Solution:
Update to version 2.84.

Provided and/or discovered by:
Reported by Marc Merlin and John **** in an Ubuntu bug report.

Original Advisory:
https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020

http://www.sentex.net/~mwandel/jhead/changes.txt

Veritas File System Information Disclosure Security Issues
Oct 21, 2008 1:51AM PDT

Release Date: 2008-10-21

Critical:
Less critical
Impact: Exposure of system information
Exposure of sensitive information

Where: Local system
Solution Status: Partial Fix


Software: VERITAS File System (VxFS) 3.x
Veritas File System 5.x

Description:
Two security issues have been reported in Veritas File System, which can be exploited by malicious, local users to disclose sensitive information.

Solution:
Veritas File System (VxFS) for Solaris, Linux, and AIX:
Update to version 5.0 MP3.
https://fileconnect.symantec.com/

Veritas File System (VxFS) for HP-UX:
Restrict access to the affected utilities. Please see vendor's advisory for more information.

Provided and/or discovered by:
The vendor credits Derek Callaway of Security Objectives.

Original Advisory:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20.html
http://seer.entsupport.symantec.com/docs/310872.htm

Debian update for cupsys
Oct 21, 2008 1:53AM PDT

Release Date: 2008-10-21

Critical:
Moderately critical
Impact: DoS
System access

Where: From local network
Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for cupsys. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
DSA-1656-1:
http://www.us.debian.org/security/2008/dsa-1656

Other References:
SA32226:
http://secunia.com/advisories/32226/

Fedora update for mantis
Oct 21, 2008 1:54AM PDT

Release Date: 2008-10-21

Critical:
Less critical
Impact: Exposure of sensitive information

Where: From remote
Solution Status: Vendor Patch


OS: Fedora 8
Fedora 9

Description:
Fedora has issued an update for mantis. This fixes a vulnerability, which can be exploited by malicious users to disclose potentially sensitive information.

Solution:
Apply updated packages via the yum utility ("yum update mantis").

Original Advisory:
FEDORA-2008-8925:
https://www.redhat.com/archives/fedor...e-announce/2008-October/msg00504.html

FEDORA-2008-9015:
https://www.redhat.com/archives/fedor...e-announce/2008-October/msg00648.html

Other References:
SA32243:
http://secunia.com/advisories/32243/

Mic_Blog Multiple SQL Injection Vulnerabilities
Oct 21, 2008 1:55AM PDT

Release Date: 2008-10-21

Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: Mic_Blog 0.x

Secunia Advisory: SA32310

Description:
StAkeR has reported some vulnerabilities in Mic_Blog (mic blog), which can be exploited by malicious people to conduct SQL injection attacks.



Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
StAkeR aka athos

Original Advisory:
http://milw0rm.com/exploits/6764

Mosaic Commerce "cid" SQL Injection Vulnerability
Oct 21, 2008 1:56AM PDT

Release Date: 2008-10-21

Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: Mosaic Commerce

Description:
Ali Abbasi has reported a vulnerability in Mosaic Commerce, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "cid" parameter in category.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieval of administrator usernames and password hashes.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Ali Abbasi

Original Advisory:
http://milw0rm.com/exploits/6763

Opera Multiple Vulnerabilities
Oct 21, 2008 1:58AM PDT

Release Date: 2008-10-21

Critical:
Moderately critical
Impact: Security Bypass
Cross Site Scripting
Exposure of sensitive information

Where: From remote
Solution Status: Vendor Patch


Software: Opera 5.x
Opera 6.x
Opera 7.x
Opera 8.x
Opera 9.x

Description:
Some vulnerabilities have been reported in Opera, which can be exploited by malicious people to conduct script insertion attacks, to bypass certain security restrictions, or to disclose potentially sensitive information.

Solution:
Update to version 9.61.
http://www.opera.com/download/

Provided and/or discovered by:
The vendor credits:
1) Roberto Suggi Liverani of Security-Assessment.com
2, 3) David Bloom

Original Advisory:
http://www.opera.com/support/search/view/903/
http://www.opera.com/support/search/view/904/
http://www.opera.com/support/search/view/905/

IBM WebSphere Application Server Multiple Vulnerabilities
Oct 21, 2008 1:59AM PDT

Release Date: 2008-10-21

Critical:
Moderately critical
Impact: Unknown
Security Bypass
DoS

Where: From remote
Solution Status: Vendor Patch


Software: IBM WebSphere Application Server 6.0.x

Description:
Some vulnerabilities and a security issue have been reported in IBM WebSphere Application Server. One vulnerability has an unknown impact, the others can be exploited by malicious people to cause a DoS (Denial of Service) or bypass certain security restrictions.

Solution:
IBM WebSphere Application Server 6.0.x:
Apply Fix Pack 31 (6.0.2.31).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM (PK64302, PK69371, PK61258):
http://www-01.ibm.com/support/docview.wss?uid=swg27006876

Other References:
SA31892:
http://secunia.com/advisories/31892/

Symantec Altiris Deployment Solution Privilege Escalation
Oct 21, 2008 2:00AM PDT

Release Date: 2008-10-21

Critical:
Less critical
Impact: Exposure of sensitive information
Privilege escalation

Where: Local system
Solution Status: Vendor Patch


Software: Altiris Deployment Solution 6.x

Description:
Some vulnerabilities have been reported in Symantec Altiris Deployment Solution, which can be exploited by malicious, local users to gain knowledge of sensitive information or gain escalated privileges.

Solution:
Update to version 6.9 SP1.
http://www.altiris.com/download.aspx

Provided and/or discovered by:
1) Brett Moore, Insomnia Security.
2) The vendor credits Mazin Faour, Information Risk Management.

Original Advisory:
Insomnia:
http://www.insomniasec.com/advisories/ISVA-081020.1.htm

SYM08-019:
http://www.symantec.com/avcenter/security/Content/2008.10.20a.html

SYM08-020:
http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html

Wireshark 1.0.4 released
Oct 21, 2008 2:02AM PDT

Published: 2008-10-21,
Last Updated: 2008-10-21 12:02:23 UTC
by Johannes Ullrich (Version: 1)

Wireshark, our all-time favorite protocol analyzer, released a new version (1.0.4). The new version includes a number of security fixes. For details, see http://www.wireshark.org/news/20081020.html .

More: http://isc.sans.org/

F-Secure Releases Security Bulletin FSC-2008-3
Oct 21, 2008 5:40AM PDT

F-Secure has released a Security Bulletin to address a vulnerability that affects a number of their products. This vulnerability is due to improper RPM parsing. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.

US-CERT encourages users to review F-Secure Security Bulletin FSC-2008-3 and apply any necessary updates to help mitigate the risks.


http://www.us-cert.gov/current/current_activity.html#f_secure_releases_security_bulletin