Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - October 23, 2007

by Marianna Schmudlach / October 23, 2007 2:13 AM PDT

Gentoo update for openoffice

Secunia Advisory: SA27370
Release Date: 2007-10-23


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x


Description:
Gentoo has issued an update for openoffice. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.

For more information:
SA26816

Solution:
All openoffice users should update to:
"app-office/openoffice-2.3.0" or later.

All openoffice-bin users should update to:
"app-office/openoffice-bin-2.3.0" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200710-24.xml

Other References:
SA26816:
http://secunia.com/advisories/26816/

WebIf "cmd" Cross-Site Scripting Vulnerability
by Marianna Schmudlach / October 23, 2007 2:14 AM PDT

Secunia Advisory: SA27365
Release Date: 2007-10-23


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: Ifnet WebIf



Description:
SkyOut has reported a vulnerability in WebIf, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "cmd" parameter in /cgi-bin/webif.exe is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Solution:
Filter malicious characters and character sequences in a web proxy.

Provided and/or discovered by:
SkyOut

Original Advisory:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066947.html

Ubuntu update for OpenSSL
by Marianna Schmudlach / October 23, 2007 2:15 AM PDT

Secunia Advisory: SA27363
Release Date: 2007-10-23


Critical:
Highly critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Ubuntu Linux 6.06
Ubuntu Linux 6.10
Ubuntu Linux 7.04
Ubuntu Linux 7.10

Description:
Ubuntu has issued an update for OpenSSL. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

For more information:
SA25878

Solution:
Apply updated packages.

Original Advisory:
http://www.ubuntu.com/usn/usn-534-1

Other References:
SA25878:
http://secunia.com/advisories/25878/

Ubuntu update for nagios-plugins
by Marianna Schmudlach / October 23, 2007 2:17 AM PDT

Secunia Advisory: SA27362
Release Date: 2007-10-23


Critical:
Moderately critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Ubuntu Linux 6.06

Description:
Ubuntu has issued an update for nagios-plugins. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA27124

Solution:
Apply updated packages.

Original Advisory:
http://www.ubuntu.com/usn/usn-532-1

Other References:
SA27124:
http://secunia.com/advisories/27124/

Netscape Multiple Vulnerabilities
by Marianna Schmudlach / October 23, 2007 2:18 AM PDT

Secunia Advisory: SA27360
Release Date: 2007-10-23


Critical:
Highly critical
Impact: Spoofing
Manipulation of data
Exposure of sensitive information
DoS
System access

Where: From remote

Solution Status: Vendor Patch


Software: Netscape 9.x

Description:
Netscape has acknowledged some vulnerabilities and a weakness in Netscape Navigator, which can be exploited by malicious people to disclose sensitive information, conduct phishing attacks, manipulate certain data, and potentially compromise a user's system.

For more information:
SA27311

Solution:
Update to version 9.0.0.1.
http://browser.netscape.com/downloads/

Original Advisory:
http://browser.netscape.com/releasenotes/

Other References:
SA27311:
http://secunia.com/advisories/27311/

DeleGate Multiple Vulnerabilities
by Marianna Schmudlach / October 23, 2007 2:19 AM PDT

Secunia Advisory: SA27357
Release Date: 2007-10-23


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


Software: DeleGate 8.x
DeleGate 9.x



Description:
Some vulnerabilities have been reported in DeleGate, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

1) An unspecified error exists in DeleGate when running as an HTTP cache proxy. This can be exploited to crash an affected server.

The vulnerability is reported in versions 9.6.3-pre6 through 9.7.4.

2) A boundary error exists within the SHTML parsing when DeleGate is running as an origin HTTP server. This can be exploited to cause a buffer overflow with a zero byte.

The vulnerability is reported in versions 9.4.0 through 9.7.3.

3) A synchronization error exists within the HTTPS/SSL origin server implementation when sending large (over 1 MB) HTML files using GZIP encoding. This can be exploited to block an affected server.

The vulnerability is reported in versions 9.6.x through 9.7.0 on FreeBSD.

4) A synchronization error exists when processing GZIP HTTP transfers. This can be exploited to block or potentially crash an affected server by triggering a SIGPIPE in another thread (e.g. a client disconnects prematurely).

The vulnerability is reported in versions 9.6.x through 9.7.0.

5) A boundary error exists within the implementation of various supported protocols. This can be exploited to cause a buffer overflow with a zero byte.

The vulnerability is reported in versions 8.10.3 through 9.3.2.

Solution:
Update to version 9.7.5.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
1) http://www.delegate.org/mail-lists/delegate-en/3875
2, 5) http://www.delegate.org/mail-lists/delegate-en/3856
3, 4) http://www.delegate.org/mail-lists/delegate-en/3829

Red Hat update for flac
by Marianna Schmudlach / October 23, 2007 2:20 AM PDT

Secunia Advisory: SA27355
Release Date: 2007-10-23


Critical:
Moderately critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop Workstation (v. 5 client)
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 4

Description:
Red Hat has issued an update for flac. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.

For more information:
SA27210

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
https://rhn.redhat.com/errata/RHSA-2007-0975.html

Other References:
SA27210:
http://secunia.com/advisories/27210/

Ubuntu update for util-linux
by Marianna Schmudlach / October 23, 2007 2:22 AM PDT

Secunia Advisory: SA27354
Release Date: 2007-10-23


Critical:
Not critical
Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Patch


OS: Ubuntu Linux 6.06
Ubuntu Linux 6.10
Ubuntu Linux 7.04

Description:
Ubuntu has issued an update for util-linux. This fixes a vulnerability, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.

For more information:
SA27145

Solution:
Apply updated packages.

Original Advisory:
http://www.ubuntu.com/usn/usn-533-1

Other References:
SA27145:
http://secunia.com/advisories/27145/

Ubuntu update for dhcp
by Marianna Schmudlach / October 23, 2007 2:23 AM PDT

Secunia Advisory: SA27350
Release Date: 2007-10-23


Critical:
Moderately critical
Impact: DoS
System access

Where: From local network

Solution Status: Vendor Patch


OS: Ubuntu Linux 6.06
Ubuntu Linux 6.10
Ubuntu Linux 7.04
Ubuntu Linux 7.10

Description:
Ubuntu has issued an update for dhcp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

For more information:
SA27160

Solution:
Apply updated packages.

Original Advisory:
http://www.ubuntu.com/usn/usn-531-1

Other References:
SA27160:
http://secunia.com/advisories/27160/

PHP Project Management File Inclusion Vulnerabilities
by Marianna Schmudlach / October 23, 2007 2:25 AM PDT

Secunia Advisory: SA27347
Release Date: 2007-10-23


Critical:
Highly critical
Impact: Exposure of system information
Exposure of sensitive information
System access

Where: From remote

Solution Status: Unpatched


Software: PHP Project Management 0.x

Description:
Some vulnerabilities have been reported in PHP Project Management, which can be exploited by malicious people to disclose sensitive information and compromise a vulnerable system.

1) Input passed to the "full_path" parameter in various scripts is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

Successful exploitation of this vulnerability requires that "register_globals" is enabled.

Examples:

http://[host]/[path]/ajax/loadsplash.php?full_path=[path2]
http://[host]/[path]/blocks/birthday.php?full_path=[path2]
http://[host]/[path]/blocks/events.php?full_path=[path2]
http://[host]/[path]/blocks/help.php?full_path=[path2]
http://[host]/[path]/modules/certinfo/index.php?full_path=[path2]
http://[host]/[path]/modules/emails/index.php?full_path=[path2]
http://[host]/[path]/modules/events/index.php?full_path=[path2]
http://[host]/[path]/modules/fax/index.php?full_path=[path2]
http://[host]/[path]/modules/files/index.php?full_path=[path2]
http://[host]/[path]/modules/files/list.php?full_path=[path2]
http://[host]/[path]/modules/groupadm/index.php?full_path=[path2]
http://[host]/[path]/modules/history/index.php?full_path=[path2]
http://[host]/[path]/modules/info/index.php?full_path=[path2]
http://[host]/[path]/modules/log/index.php?full_path=[path2]
http://[host]/[path]/modules/mail/index.php?full_path=[path2]
http://[host]/[path]/modules/messages/index.php?full_path=[path2]
http://[host]/[path]/modules/organizations/index.php?full_path=[path2]
http://[host]/[path]/modules/phones/index.php?full_path=[path2]
http://[host]/[path]/modules/presence/index.php?full_path=[path2]
http://[host]/[path]/modules/projects/index.php?full_path=[path2]
http://[host]/[path]/modules/projects/list.php?full_path=[path2]
http://[host]/[path]/modules/projects/summary.inc.php?full_path=[path2]
http://[host]/[path]/modules/reports/index.php?full_path=[path2]
http://[host]/[path]/modules/search/index.php?full_path=[path2]
http://[host]/[path]/modules/snf/index.php?full_path=[path2]
http://[host]/[path]/modules/syslog/index.php?full_path=[path2]
http://[host]/[path]/modules/tasks/index.php?full_path=[path2]
http://[host]/[path]/modules/tasks/searchsimilar.php?full_path=[path2]
http://[host]/[path]/modules/tasks/summary.inc.php?full_path=[path2]
http://[host]/[path]/modules/useradm/index.php?full_path=[path2]

2) Input passed to the "full_path" parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

3) Input passed to the "def_lang", "m_path", and "module" parameters in various scripts is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

Successful exploitation of this vulnerability requires that "register_globals" is enabled and "magic_quotes_gpc" is disabled.

Examples:

http://[host]/[path]/modules/certinfo/index.php?module=[path]%00
http://[host]/[path]/modules/emails/index.php?module=[path]%00
http://[host]/[path]/modules/events/index.php?module=[path]%00
http://[host]/[path]/modules/fax/index.php?module=[path]%00
http://[host]/[path]/modules/files/index.php?module=[path]%00
http://[host]/[path]/modules/files/list.php?def_lang=[path]%00
http://[host]/[path]/modules/groupadm/index.php?module=[path]%00
http://[host]/[path]/modules/history/index.php?module=[path]%00
http://[host]/[path]/modules/info/index.php?module=[path]%00
http://[host]/[path]/modules/log/index.php?module=[path]%00
http://[host]/[path]/modules/mail/index.php?module=[path]%00
http://[host]/[path]/modules/messages/index.php?module=[path]%00
http://[host]/[path]/modules/organizations/index.php?module=[path]%00
http://[host]/[path]/modules/phones/index.php?module=[path]%00
http://[host]/[path]/modules/presence/index.php?module=[path]%00
http://[host]/[path]/modules/projects/index.php?module=[path]%00
http://[host]/[path]/modules/projects/list.php?module=[path]%00
http://[host]/[path]/modules/projects/summary.inc.php?m_path=[path]%00
http://[host]/[path]/modules/reports/index.php?module=[path]%00
http://[host]/[path]/modules/search/index.php?module=[path]%00
http://[host]/[path]/modules/snf/index.php?module=[path]%00
http://[host]/[path]/modules/syslog/index.php?module=[path]%00
http://[host]/[path]/modules/tasks/index.php?module=[path]%00
http://[host]/[path]/modules/tasks/summary.inc.php?m_path=[path]%00
http://[host]/[path]/modules/useradm/index.php?module=[path]%00

The vulnerabilities are reported in version 0.8.10. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
1,3) GoLd_M
2) Reported by the vendor.

Original Advisory:
1,3) http://milw0rm.com/exploits/4549

Jeebles Directory Information Disclosure and PHP Code Execut
by Marianna Schmudlach / October 23, 2007 2:26 AM PDT

Jeebles Directory Information Disclosure and PHP Code Execution

Secunia Advisory: SA27345
Release Date: 2007-10-23


Critical:
Highly critical
Impact: Exposure of system information
Exposure of sensitive information
System access

Where: From remote

Solution Status: Unpatched


Software: Jeebles Directory 2.x

Description:
Some vulnerabilities have been discovered in Jeebles Directory, which can be exploited by malicious people to disclose sensitive information and by malicious users to compromise a vulnerable system.

1) Input passed to the download.php script is not properly sanitised before being used. This can be exploited to download arbitrary files by passing full paths (e.g. the settings2.inc.php file containing the administrator password).

Examples:

http://[host]/[path]/download.php?settings2.inc.php
http://[host]/[path]/download.php?/etc/passwd

2) Input passed in various parameters to the administration system's Settings part is not properly sanitised before being stored in settings.inc.php. This can be exploited to execute arbitrary PHP code.

Successful exploitation requires valid administrator credentials (but see #1) and write access to settings.inc.php.

The vulnerabilities are confirmed in version 2.9.60. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
1) hack2prison
2) Discovered by an anonymous person.

Ubuntu update for firefox
by Marianna Schmudlach / October 23, 2007 2:27 AM PDT

Secunia Advisory: SA27335
Release Date: 2007-10-23


Critical:
Highly critical
Impact: Spoofing
Manipulation of data
Exposure of sensitive information
DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Ubuntu Linux 6.06
Ubuntu Linux 6.10
Ubuntu Linux 7.04

Description:
Ubuntu has issued an update for firefox. This fixes some vulnerabilities and weaknesses, which can be exploited by malicious people to disclose sensitive information, conduct phishing attacks, manipulate certain data, and potentially compromise a user's system.

For more information:
SA20442
SA25904
SA27311

Solution:
Apply updated packages.

Original Advisory:
http://www.ubuntu.com/usn/usn-535-1

Other References:
SA20442:
http://secunia.com/advisories/20442/

SA25904:
http://secunia.com/advisories/25904/

SA27311:
http://secunia.com/advisories/27311/

Mandriva update for hplip
by Marianna Schmudlach / October 23, 2007 2:29 AM PDT

Secunia Advisory: SA27332
Release Date: 2007-10-23


Critical:
Less critical
Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Patch


OS: Mandriva Linux 2007

Description:
Mandriva has issued an update for hplip. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.

For more information:
SA27202

Solution:
Apply updated packages.

Original Advisory:
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:201

Other References:
SA27202:
http://secunia.com/advisories/27202/

Sun Solaris Mozilla Layout Engine Unspecified Vulnerabilitie
by Marianna Schmudlach / October 23, 2007 2:30 AM PDT

Secunia Advisory: SA27328
Release Date: 2007-10-23


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Unpatched


OS: Sun Solaris 10
Sun Solaris 8
Sun Solaris 9

Description:
Sun has acknowledged some vulnerabilities in Sun Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a user's system.

The vulnerabilities are caused due to unspecified errors within the Mozilla Layout Engine and can be exploited to crash the application or potentially execute arbitrary code.

The vulnerabilities are reported in Mozilla 1.7 for Sun Solaris 8, 9 and 10 for both the x86 and SPARC platforms.

Solution:
The vendor recommends disabling JavaScript support.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103121-1

SocketMail "lost_id" Cross-Site Scripting Vulnerability
by Marianna Schmudlach / October 23, 2007 2:31 AM PDT

Secunia Advisory: SA27324
Release Date: 2007-10-23


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: SocketMail Lite 2.x
SocketMail Pro 2.x

Description:
Ivan Sanchez and Maximiliano Soler have reported a vulnerability in SocketMail, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "lost_id" parameter in lostpwd.php is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in version 2.2.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Ivan Sanchez and Maximiliano Soler

MultiXTpm Application Server "DebugPrint()" Buffer Overflow
by Marianna Schmudlach / October 23, 2007 2:33 AM PDT

Secunia Advisory: SA27323
Release Date: 2007-10-23


Critical:
Moderately critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


Software: MultiXTpm Application Server 4.x

Description:
A vulnerability has been reported in MultiXTpm Application Server, which potentially can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the "DebugPrint()" function and can potentially be exploited to cause a stack-based buffer overflow via an overly-long string passed as argument to the affected function.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions prior to 4.0.2d. Other applications that use the affected MultiXTpm function may also be affected.

Solution:
Update to version 4.0.2d.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sourceforge.net/project/showno...release_id=548209&group_id=196021

IBM Lotus Domino Multiple Vulnerabilities
by Marianna Schmudlach / October 23, 2007 2:34 AM PDT

Secunia Advisory: SA27321
Release Date: 2007-10-23


Critical:
Moderately critical
Impact: Exposure of sensitive information
System access

Where: From remote

Solution Status: Vendor Patch


Software: IBM Lotus Domino 6.x
IBM Lotus Domino 7.x

Description:
Multiple vulnerabilities have been reported in IBM Lotus Domino, which can be exploited by malicious, local users to gain knowledge of sensitive information and by malicious users to bypass certain security restrictions or compromise a vulnerable system.

1) An unspecified error within the IMAP service can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code, but requires a valid user account.

2) An error in LotusScript when using the "Evaluate" method combined with certain @ formula commands to design views and agents may result in situations where a view or agent returns information that should not be accessible.

3) A security problem with Domino CA (Certificate Authority) process commands on the server console may result in passwords being displayed in clear text in the Admin panel and console.log when using uppercase characters with either the CA "activate" or "unlock" commands.

4) Insecure permissions on shared memory allow any local user to access memory containing other users' data.

Solution:
Update to version 7.0.3 or 8.0.

Vulnerability #1 is also addressed in version 6.5.6 FP2.

Provided and/or discovered by:
The vendor credits:
1) VeriSign iDefense VCP
2) Michael Gollmick
3) An unknown IBM customer.
4) Ollie Whitehouse, Symantec.

Original Advisory:
IBM:
http://www-1.ibm.com/support/docview.wss?uid=swg21270623
http://www-1.ibm.com/support/docview.wss?uid=swg21273266
http://www-1.ibm.com/support/docview.wss?uid=swg21261095
http://www-1.ibm.com/support/docview.wss?uid=swg21257030

Sun JRE Applet Handling Vulnerability
by Marianna Schmudlach / October 23, 2007 2:35 AM PDT

Secunia Advisory: SA27320
Release Date: 2007-10-23


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


Software: Sun Java JDK 1.5.x
Sun Java JDK 1.6.x
Sun Java JRE 1.3.x
Sun Java JRE 1.4.x
Sun Java JRE 1.5.x / 5.x
Sun Java JRE 1.6.x / 6.x
Sun Java SDK 1.3.x
Sun Java SDK 1.4.x

Description:
A vulnerability has been reported in Sun JRE, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error within the handling of Java applets. This can be exploited by malicious, untrusted applets to read and write local files, or to execute local applications.

The vulnerability is reported in the following products:
* JDK and JRE 6 Update 2 and earlier
* JDK and JRE 5.0 Update 12 and earlier
* SDK and JRE 1.4.2_15 and earlier
* SDK and JRE 1.3.1_20 and earlier

Secunia has constructed the Online Software Inspector, which you can use to check if your local system is vulnerable. If you wish to scan your corporate network, then please refer to the Network Software Inspector.

Solution:
Update to the latest versions or apply patches:

JDK and JRE 6 Update 3 or later
http://java.sun.com/javase/downloads/index.jsp

JDK and JRE 5.0 Update 13 or later:
http://java.sun.com/javase/downloads/index_jdk5.jsp

SDK and JRE 1.4.2_16 or later:
http://java.sun.com/j2se/1.4.2/download.html

SDK and JRE 1.3.1_21 or later (Windows and Solaris 8 only):
http://java.sun.com/j2se/1.3/download.html

JDK 6 Update 3 for Solaris is also available in the following patches:

* Java SE 6 Update 3 (as delivered in patch 125136-04 or later)
* Java SE 6 Update 3 (as delivered in patch 125137-04 or later (64bit))
* Java SE 6_x86 Update 3 (as delivered in patch 125138-04 or later)
* Java SE 6_x86 Update 3 (as delivered in patch 125139-04 or later (64bit))

JDK 5.0 Update 13 for Solaris is also available in the following patches:

* J2SE 5.0 Update 13 (as delivered in patch 118666-14)
* J2SE 5.0 Update 13 (as delivered in patch 118667-14 (64bit))
* J2SE 5.0_x86 Update 13 (as delivered in patch 118668-14)
* J2SE 5.0_x86 Update 13 (as delivered in patch 118669-14 (64bit))

The vendor notifies users that SDK and JRE 1.3.1 has completed the Sun End of Life (EOL) process and is only supported for customers with Solaris 8 and Vintage Support Offering support contracts. The vendor recommends that users upgrade to the latest releases.

Provided and/or discovered by:
The vendor credits Azul Systems.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103112-1

Ubuntu update for ghostscript and gs-gpl
by Marianna Schmudlach / October 23, 2007 2:37 AM PDT

Secunia Advisory: SA27319
Release Date: 2007-10-23


Critical:
Less critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


OS: Ubuntu Linux 6.10
Ubuntu Linux 7.04
Ubuntu Linux 7.10

Description:
Ubuntu has issued an update for ghostscript and gs-gpl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to the use of vulnerable JasPer code.

For more information:
SA25287

Solution:
Apply updated packages.

Original Advisory:
http://www.ubuntu.com/usn/usn-501-2

Other References:
SA25287:
http://secunia.com/advisories/25287/

Gentoo update for star
by Marianna Schmudlach / October 23, 2007 2:38 AM PDT

Secunia Advisory: SA27318
Release Date: 2007-10-23


Critical:
Less critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for star. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA26626

Solution:
Update to:
"app-arch/star-1.5_alpha84" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200710-23.xml

Other References:
SA26626:
http://secunia.com/advisories/26626/

IBM Lotus Notes WordPerfect File Viewer Vulnerability
by Marianna Schmudlach / October 23, 2007 2:39 AM PDT

Secunia Advisory: SA27317
Release Date: 2007-10-23


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: IBM Lotus Notes 8.x

Description:
Tan Chew Keong has reported a vulnerability in IBM Lotus Notes, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the third-party WordPerfect file viewer (wp6sr.dll). This can be exploited to cause a buffer overflow by tricking a user into viewing a malicious WordPerfect document.

Successful exploitation may allow execution of arbitrary code.

Solution:
According to the vendor, a fix is scheduled for version 8.0.1.

Provided and/or discovered by:
Tan Chew Keong, vuln.sg.

Original Advisory:
IBM:
http://www-1.ibm.com/support/docview.wss?uid=swg21271111

Vuln.sg:
http://vuln.sg/lotusnotes702wpd-en.html

InstaGuide Weather Free "PageName" Local File Inclusion
by Marianna Schmudlach / October 23, 2007 2:40 AM PDT

Secunia Advisory: SA27305
Release Date: 2007-10-23


Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: InstaGuide Weather Free

Description:
BorN To K!LL has discovered a vulnerability in InstaGuide Weather Free, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "PageName" parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

Successful exploitation with arbitrary file extensions requires that "magic_quotes_gpc" is disabled.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
BorN To K!LL

Original Advisory:
http://milw0rm.com/exploits/4558
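
Detection logic for the two file-inclusion advisories above (PHP Project Management, SA27347, and InstaGuide Weather Free, SA27305), added here as an example and not part of the forum posts or of Secunia's text: it scans web-server access logs for the include parameters those advisories name when they carry a URL scheme, directory traversal, an absolute path or a null byte. The "combined" log format, the sample log lines and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameter names as listed in SA27347 ("full_path", "def_lang", "m_path",
# "module") and SA27305 ("PageName"). PHP parameter names are case-sensitive.
INCLUDE_PARAMS = {"full_path", "def_lang", "m_path", "module", "PageName"}

# Client address and request line of an Apache/nginx "combined" log entry
# (assumed format; adjust the pattern for other log layouts).
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*"'
)
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.I)
DRIVE_RE = re.compile(r"^[a-z]:[\\/]", re.I)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(value):
    """Return the reasons a value is unsafe as an include path ([] if none)."""
    v = fully_decode(value)
    reasons = []
    if "\x00" in v:
        # Null-byte truncation, the "%00" case both advisories tie to
        # magic_quotes_gpc being disabled.
        reasons.append("null-byte")
    path = v.split("\x00", 1)[0]  # what remains after truncation
    if SCHEME_RE.match(path):
        reasons.append("url-scheme")  # include from an external resource
    if ".." in re.split(r"[\\/]", path):
        reasons.append("traversal")
    if path.startswith(("/", "\\")) or DRIVE_RE.match(path):
        reasons.append("absolute-path")
    return reasons


def scan(lines):
    """Yield one finding per suspicious include parameter in the log lines.

    Only the query string is visible in an access log; with register_globals
    the same variables can also arrive in a POST body or cookie, which this
    check cannot see.
    """
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            base = name.split("[", 1)[0]  # "module[]" also sets $module
            if base not in INCLUDE_PARAMS:
                continue
            reasons = classify(value)
            if reasons:
                findings.append({
                    "line": lineno,
                    "client": m.group("client"),
                    "path": parts.path,
                    "param": base,
                    "reasons": reasons,
                })
    return findings


# Constructed sample log lines (documentation addresses, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Oct/2007:09:14:02 +0000] "GET /ppm/modules/tasks/index.php?module=tasks HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [23/Oct/2007:09:15:40 +0000] "GET /ppm/blocks/help.php?full_path=http%3A%2F%2Fhost.example.invalid%2Fa.txt HTTP/1.1" 200 812 "-" "-"',
    '198.51.100.7 - - [23/Oct/2007:09:15:44 +0000] "GET /ppm/modules/files/list.php?def_lang=..%2F..%2Fnotes.txt%00 HTTP/1.1" 200 640 "-" "-"',
    '203.0.113.5 - - [23/Oct/2007:09:20:11 +0000] "GET /weather/index.php?PageName=..%252F..%252Fapp.log%2500 HTTP/1.1" 200 377 "-" "-"',
    '192.0.2.10 - - [23/Oct/2007:09:21:00 +0000] "GET /weather/index.php?PageName=forecast HTTP/1.1" 200 2048 "-" "-"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f'line {f["line"]}: {f["client"]} {f["path"]} '
              f'{f["param"]} -> {", ".join(f["reasons"])}')
```

The same `classify()` rules can back a reverse-proxy deny rule while the applications remain unpatched; ordinary values such as `module=tasks` pass untouched.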

Verity Keyview SDK Multiple Vulnerabilities
by Marianna Schmudlach / October 23, 2007 2:42 AM PDT

Secunia Advisory: SA27304
Release Date: 2007-10-23


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: Verity KeyView Export SDK 7.x
Verity KeyView Export SDK 8.x
Verity KeyView Export SDK 9.x
Verity KeyView Filter SDK 7.x
Verity KeyView Filter SDK 8.x
Verity KeyView Filter SDK 9.x
Verity KeyView Viewer SDK 7.x
Verity KeyView Viewer SDK 8.x
Verity KeyView Viewer SDK 9.x



Description:
Multiple vulnerabilities have been reported in Verity Keyview SDK, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to various errors within the file viewers and can be exploited to cause buffer overflows by tricking a user into viewing a specially crafted file.

The following file viewers are affected:
* mifsr.dll
* awsr.dll
* kpagrdr.dll
* exesr.dll
* rtfsr.dll
* mwsr.dll
* exesr.dll
* wp6sr.dll
* lasr.dll

Successful exploitation may allow execution of arbitrary code.

Solution:
Secunia is not currently aware of patches for these vulnerabilities.

Provided and/or discovered by:
Reported in IBM Lotus Notes advisories crediting:
* ZDI
* Tan Chew-Keong

Original Advisory:
IBM:
http://www-1.ibm.com/support/docview.wss?uid=swg21271111
http://www-1.ibm.com/support/docview.wss?uid=swg21272836

LiteSpeed Web Server Script Source Code Disclosure
by Marianna Schmudlach / October 23, 2007 2:43 AM PDT

Secunia Advisory: SA27302
Release Date: 2007-10-23


Critical:
Moderately critical
Impact: Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch


Software: LiteSpeed Web Server 1.3.x
LiteSpeed Web Server 2.x
LiteSpeed Web Server 3.x

Description:
Tr3mbl3r has reported a vulnerability in LiteSpeed Web Server, which can be exploited by malicious people to disclose potentially sensitive information.

The vulnerability is caused due to an error within the handling of HTTP requests and can be exploited to disclose the source code of certain scripts (e.g. PHP) by appending e.g. "%00" to a URI.

The vulnerability is reported in versions prior to 3.2.4.

Solution:
Update to version 3.2.4.

Provided and/or discovered by:
Tr3mbl3r, TheDefaced Security Team

Original Advisory:
Tr3mbl3r:
http://milw0rm.com/exploits/4556

LiteSpeed Technologies Inc.:
http://www.litespeedtech.com/latest/litespeed-web-server-3.2.4-released.html

SocketKB "node"/"art_id" Cross-Site Scripting Vulnerabilitie
by Marianna Schmudlach / October 23, 2007 2:44 AM PDT

Secunia Advisory: SA27286
Release Date: 2007-10-23


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: SocketKB 1.x



Description:
Ivan Sanchez and Maximiliano Soler have reported some vulnerabilities in SocketKB, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "node" and "art_id" parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in version 1.1.5. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Ivan Sanchez and Maximiliano Soler

Macrovision SafeDisc secdrv.sys Privilege Escalation
by Marianna Schmudlach / October 23, 2007 2:46 AM PDT

Secunia Advisory: SA27285
Release Date: 2007-10-23


Critical:
Less critical
Impact: Privilege escalation

Where: Local system

Solution Status: Unpatched


OS: Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional



Software: Macrovision SafeDisc 4.x

Description:
A vulnerability has been reported in Macrovision SafeDisc, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to an input validation error within secdrv.sys when handling arguments passed to certain IOCTL handlers. This can be exploited to e.g. overwrite arbitrary kernel memory and execute arbitrary code with SYSTEM privileges.

The vulnerability is reported in secdrv.sys installed by default in Windows XP and Windows 2003.

Solution:
Grant only trusted users access to the system.

Provided and/or discovered by:
Reported as a 0-day.

Additional information by Ruben Santamarta and Mario Ballano.

Other References:
Symantec:
http://www.symantec.com/enterprise/se...0/privilege_escalation_exploit_i.html

Reversemode:
http://www.reversemode.com/index.php?...p;action=view&id=43&Itemid=15

PHP COM Objects Security Bypass
by Marianna Schmudlach / October 23, 2007 2:56 AM PDT

Secunia Advisory: SA27280
Release Date: 2007-10-23


Critical:
Not critical
Impact: Security Bypass

Where: Local system

Solution Status: Unpatched


Software: PHP 5.0.x
PHP 5.1.x
PHP 5.2.x

Description:
shinnai has discovered a vulnerability in PHP, which can be exploited by malicious, local users to bypass certain access restrictions.

The vulnerability is caused due to PHP incorrectly enforcing access restrictions when handling COM objects. This can be exploited to bypass certain security restrictions (e.g. the "safe_mode" directive) by directly invoking COM methods.

The vulnerability is confirmed in PHP 5.2.4 for Windows. Other Windows versions may also be affected.

Solution:
Grant only trusted users permissions to execute PHP code.

Provided and/or discovered by:
shinnai

Original Advisory:
http://milw0rm.com/exploits/4553

IBM Lotus Notes Multiple Vulnerabilities
by Marianna Schmudlach / October 23, 2007 2:58 AM PDT

Secunia Advisory: SA27279
Release Date: 2007-10-23


Critical:
Highly critical
Impact: Exposure of sensitive information
System access

Where: From remote

Solution Status: Vendor Patch


Software: IBM Lotus Notes 6.x
IBM Lotus Notes 7.x

Description:
Multiple vulnerabilities have been reported in IBM Lotus Notes, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information and by malicious people to bypass certain security mechanisms or compromise a user's system.

1) Errors within various third-party file viewers (mifsr.dll, awsr.dll, kpagrdr.dll, exesr.dll, rtfsr.dll, mwsr.dll, exesr.dll, wp6sr.dll, and lasr.dll) can be exploited to cause buffer overflows by tricking a user into viewing a specially crafted attachment.

Successful exploitation may allow execution of arbitrary code.

2) A boundary error when parsing HTML messages in nnotes.dll can be exploited to cause a buffer overflow when a user acts upon a malicious HTML message (e.g. replying, forwarding, or copying it to the clipboard).

Successful exploitation may allow execution of arbitrary code.

3) An error in the ECL (Execution Control List) mechanism may result in attachments being executed automatically instead of displaying the Execution Security Alert when handling Notes database (.nsf) and Notes template (.ntf) attachments.

4) Insecure permissions on shared memory allow any local user to access memory containing other users' data.

A bug was also reported, which may crash the client when receiving specially crafted SMTP responses.

Solution:
Update to version 7.0.3 or 8.0.

NOTE: Version 8.0 does not fix the vulnerability in wp6sr.dll.

Provided and/or discovered by:
The vendor credits:
1) ZDI and Tan Chew-Keong
2) VeriSign iDefense VCP
3) Ed Schaller
4) Ollie Whitehouse, Symantec.

Original Advisory:
IBM:
http://www-1.ibm.com/support/docview.wss?uid=swg21271111
http://www-1.ibm.com/support/docview.wss?uid=swg21272836
http://www-1.ibm.com/support/docview.wss?uid=swg21272930
http://www-1.ibm.com/support/docview.wss?uid=swg21270884
http://www-1.ibm.com/support/docview.wss?uid=swg21257030
http://www-1.ibm.com/support/docview.wss?uid=swg21271957

Vuln.sg:
http://vuln.sg/lotusnotes702doc-en.html
http://vuln.sg/lotusnotes702sam-en.html
http://vuln.sg/lotusnotes702wpd-en.html
http://vuln.sg/lotusnotes702mif-en.html

Oracle RDBMS Data packet DoS
by Marianna Schmudlach / October 23, 2007 3:00 AM PDT

Oracle Workspace Manager SQL Injection Flaw
by Marianna Schmudlach / October 23, 2007 3:01 AM PDT

Adobe and Netscape patch URI vulnerability
by Marianna Schmudlach / October 23, 2007 3:05 AM PDT

As previously announced, Adobe has released version 8.1.1 of Adobe Reader and Acrobat, in which the handling of URIs and URLs in PDF documents has been revised. Before this release, applications installed on a system could be launched by means of arbitrary parameters when manipulated documents were opened. Attackers may thereby gain control of a computer when a victim opens a PDF file saved on a Web server or sent by e-mail. For the attack to succeed, users do not even need to click on a link in the document, which launches the URL itself when loaded because the PDF uses ActionScript.

More: http://www.heise-security.co.uk/news/97814
