VULNERABILITIES \ FIXES - October 30, 2008

Oct 30, 2008 12:35AM PDT

Fedora update for libtirpc

Release Date: 2008-10-30

Critical: Less critical
Impact: DoS

Where: From local network
Solution Status: Vendor Patch


OS: Fedora 9


Description:
Fedora has issued an update for libtirpc. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

For more information:
SA32403

Solution:
Apply updated packages via the yum utility ("yum update libtirpc").

Original Advisory:
FEDORA-2008-9204:
https://www.redhat.com/archives/fedor...e-announce/2008-October/msg00819.html

Fedora update for dovecot
Oct 30, 2008 12:36AM PDT

Release Date: 2008-10-30

Critical: Less critical
Impact: Security Bypass

Where: From remote
Solution Status: Vendor Patch


OS: Fedora 8
Fedora 9

Description:
Fedora has issued an update for dovecot. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.

Solution:
Apply updated packages via the yum utility ("yum update dovecot").

Original Advisory:
FEDORA-2008-9202:
https://www.redhat.com/archives/fedor...e-announce/2008-October/msg00816.html

FEDORA-2008-9232:
https://www.redhat.com/archives/fedor...e-announce/2008-October/msg00844.html

Other References:
SA32164:
http://secunia.com/advisories/32164/

Quassel IRC CTCP Command Injection Vulnerability
Oct 30, 2008 12:37AM PDT

Release Date: 2008-10-30

Critical: Less critical
Impact: Hijacking

Where: From remote
Solution Status: Vendor Patch


Software: Quassel IRC 0.x

Description:
Wouter Coekaerts has reported a vulnerability in Quassel IRC, which can be exploited by malicious people to hijack IRC connections.

The vulnerability is caused due to the application not properly handling quoted newline characters when processing CTCP requests. This can be exploited to inject newlines into the user's response, which can be used to e.g. execute IRC commands in the context of the user's IRC session.

The vulnerability is reported in versions prior to 0.3.0.3.

Solution:
Update to version 0.3.0.3.

Provided and/or discovered by:
Wouter Coekaerts

Original Advisory:
Quassel IRC:
http://quassel-irc.org/node/89

Wouter Coekaerts:
http://wouter.coekaerts.be/site/security/quassel-ctcp
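
The quoted-newline problem described in the Quassel IRC advisory above, as an added example (not Quassel's code and not part of the original post). It assumes the standard CTCP low-level quoting scheme, where `\x10n` decodes to a newline, and a hypothetical PING handler that echoes its argument; the request is constructed sample input.

```python
import re

M_QUOTE = "\x10"  # CTCP low-level quote character
X_DELIM = "\x01"  # CTCP message delimiter
_DEQUOTE = {"0": "\x00", "n": "\n", "r": "\r", M_QUOTE: M_QUOTE}
_QUOTE = {v: M_QUOTE + k for k, v in _DEQUOTE.items()}

def low_dequote(text):
    """Decode CTCP low-level quoting (M_QUOTE + n becomes a newline, etc.)."""
    out, i = [], 0
    while i < len(text):
        if text[i] == M_QUOTE:
            if i + 1 < len(text):          # a lone trailing M_QUOTE is dropped
                out.append(_DEQUOTE.get(text[i + 1], text[i + 1]))
            i += 2
        else:
            out.append(text[i])
            i += 1
    return "".join(out)

def low_quote(text):
    """Re-encode NUL, CR, LF and M_QUOTE so they cannot end an IRC line."""
    return "".join(_QUOTE.get(c, c) for c in text)

def ping_reply_unsafe(nick, ctcp_body):
    # Flawed pattern: the dequoted argument is echoed back as-is.
    arg = low_dequote(ctcp_body).partition(" ")[2]
    return f"NOTICE {nick} :{X_DELIM}PING {arg}{X_DELIM}\r\n"

def ping_reply_safe(nick, ctcp_body):
    # Hardened: re-quote on the way out, then refuse any raw line break.
    arg = low_dequote(ctcp_body).partition(" ")[2]
    line = f"NOTICE {nick} :{X_DELIM}PING {low_quote(arg)}{X_DELIM}"
    if any(c in line for c in "\r\n\x00"):
        raise ValueError("refusing to send a line containing CR/LF/NUL")
    return line + "\r\n"

def count_irc_lines(wire):
    """Number of lines an IRC server would parse from the outgoing bytes."""
    return len([part for part in re.split(r"[\r\n]+", wire) if part])

# Constructed request body carrying a quoted newline.
SAMPLE = "PING 12345" + M_QUOTE + "nINJECTED-LINE"

if __name__ == "__main__":
    print("unsafe reply lines:", count_irc_lines(ping_reply_unsafe("alice", SAMPLE)))
    print("safe reply lines:  ", count_irc_lines(ping_reply_safe("alice", SAMPLE)))
```

The final CR/LF check in `ping_reply_safe` belongs on every outgoing line a client builds from remote input, not only on CTCP replies.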

Saba "username" Cross-Site Scripting Vulnerability
Oct 30, 2008 12:38AM PDT

Release Date: 2008-10-30

Critical: Less critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Unpatched


Software: Saba 2.x

Description:
The-0utl4w has reported a vulnerability in Saba, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "username" parameter in usercp.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session, in the context of an affected site.

This vulnerability is reported in version 2.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
The-0utl4w

Original Advisory:
http://packetstorm.linuxsecurity.com/0810-exploits/saba-xss.txt

Dorsa CMS "search" Cross-Site Scripting Vulnerability
Oct 30, 2008 12:39AM PDT

Release Date: 2008-10-30

Critical: Less critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Unpatched


Software: Dorsa CMS

Description:
Pouya_Server has reported a vulnerability in Dorsa CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "search" parameter in Default_.aspx (when "Page_" is set to "search") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Pouya_Server

Original Advisory:
http://packetstorm.linuxsecurity.com/0810-exploits/dorsacms-xss.txt

Harlandscripts Pro Traffic One "trg" SQL Injection Vulnerabi
Oct 30, 2008 12:40AM PDT

Release Date: 2008-10-30

Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: Harlandscripts Pro Traffic One

Description:
Beenu Arora has reported a vulnerability in Harlandscripts Pro Traffic One, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "trg" parameter in mypage.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Beenu Arora

Original Advisory:
http://milw0rm.com/exploits/6874

IBM Lotus Connections Multiple Vulnerabilities
Oct 30, 2008 12:42AM PDT

Release Date: 2008-10-30

Critical: Moderately critical
Impact: Unknown, Cross Site Scripting, Manipulation of data, Exposure of sensitive information

Where: From remote
Solution Status: Vendor Patch


Software: IBM Lotus Connections 2.x



Description:
Multiple vulnerabilities and security issues have been reported in IBM Lotus Connections. Some have an unknown impact and others can be exploited by malicious, local users to disclose sensitive information and by malicious people to disclose sensitive information, conduct cross-site scripting, script insertion, and SQL injection attacks.

Solution:
Update to version 2.0.1.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM (ASRE7FPNBE, ASRE7FWNT2, ASRE7FWPZ8, ASRE7H3HXG, ASRE7JBMS6, ASRE7K2RUP, PMAN7JJGD6, BSTL7K7L8Z, RSUN7JTB94, AKON7FWM2W, AKON7JEKFR, YYCG7GZDAU, YYCG7H84LH, MAHN7FWK9C):
http://www-01.ibm.com/support/docview.wss?uid=swg27014008

IBM Tivoli Storage Manager Client Buffer Overflow Vulnerabil
Oct 30, 2008 12:43AM PDT

Release Date: 2008-10-30

Critical: Moderately critical
Impact: DoS, System access

Where: From local network
Solution Status: Vendor Patch


Software: IBM Tivoli Storage Manager Client 5.x

Description:
A vulnerability has been reported in IBM Tivoli Storage Manager (TSM) Client, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

The vulnerability is caused due to an unspecified error within the IBM Tivoli Storage Manager (TSM) Backup-Archive client, which can be exploited to cause a buffer overflow and potentially execute arbitrary code.

The vulnerability affects the Client Acceptor Daemon (CAD) and the Backup-Archive client scheduler and scheduler service when the option "SCHEDMODE" is set to "PROMPTED".

The vulnerability is reported in the following versions:
* TSM 5.5.0.0 to 5.5.0.7
* TSM 5.4.0.0 to 5.4.2.2
* TSM 5.3.0.0 to 5.3.6.1
* TSM 5.2.0.0 to 5.2.5.2
* TSM 5.1.0.0 to 5.1.8.1
* TSM Express all levels

Solution:
Apply updates (please see vendor advisory for details).

Provided and/or discovered by:
The vendor credits Tipping Point and the Zero Day Initiative.

Original Advisory:
IBM:
http://www-01.ibm.com/support/docview.wss?uid=swg21322623

Debian update for openoffice.org
Oct 30, 2008 12:44AM PDT

Release Date: 2008-10-30



Critical: Highly critical
Impact: System access

Where: From remote
Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for openoffice.org. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.

Solution:
Apply updated packages.

Original Advisory:
DSA-1661-1:
http://lists.debian.org/debian-security-announce/2008/msg00253.html

Other References:
SA32419:
http://secunia.com/advisories/32419/

Fedora update for ed
Oct 30, 2008 12:45AM PDT

Release Date: 2008-10-30

Critical: Not critical
Impact: System access

Where: From remote
Solution Status: Vendor Patch


OS: Fedora 8
Fedora 9



Description:
Fedora has issued an update for ed. This fixes a security issue, which can be exploited by malicious people to compromise a vulnerable system.

The security issue is caused due to an error within the "strip_escapes()" function in signal.c when processing overly long filenames. This can be exploited to cause a heap-based buffer overflow by passing a specially crafted filename to the application.

Solution:
Apply updated packages via the yum utility ("yum update ed").

Original Advisory:
FEDORA-2008-9236:
https://www.redhat.com/archives/fedor...e-announce/2008-October/msg00847.html

FEDORA-2008-9263:
https://www.redhat.com/archives/fedor...e-announce/2008-October/msg00873.html

Opera Command Execution and Cross-Site Scripting
Oct 30, 2008 12:46AM PDT

Release Date: 2008-10-30

Critical: Highly critical
Impact: Cross Site Scripting, System access

Where: From remote
Solution Status: Vendor Patch


Software: Opera 5.x
Opera 6.x
Opera 7.x
Opera 8.x
Opera 9.x

Description:
Some vulnerabilities have been reported in Opera, which can be exploited by malicious people to conduct cross-site scripting attacks or potentially to compromise a user's system.

Solution:
Update to version 9.62 (see the vendor's advisory for details).

Provided and/or discovered by:
1) The vendor credits Aviv Raff.
2) Reported by the vendor.

Original Advisory:
Opera:
http://www.opera.com/support/search/view/906/
http://www.opera.com/support/search/view/907/

MyBB Multiple Vulnerabilities
Oct 30, 2008 12:47AM PDT

Release Date: 2008-10-30

Critical: Moderately critical
Impact: Unknown, Cross Site Scripting, Brute force, Exposure of sensitive information

Where: From remote
Solution Status: Vendor Patch


Software: MyBB (formerly MyBulletinBoard) 1.x

Description:
Some vulnerabilities and a weakness have been reported in MyBB, where some have an unknown impact, and others can be exploited by malicious people to conduct brute force or cross-site scripting attacks.

The vulnerabilities and the weakness are reported in all versions prior to 1.4.3 downloaded on 2008-10-29 or later.

Solution:
Update to version 1.4.3 downloaded on 2008-10-29 or later.

Provided and/or discovered by:
1, 2) Kellanved, NeoThermic, and Techie-Micheal
3) Reported by the vendor.

Original Advisory:
MyBB:
http://community.mybboard.net/thread-39705.html

Kellanved, NeoThermic, and Techie-Micheal:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-October/065280.html

Venalsur Booking Centre SQL Injection and Cross-Site Scripti
Oct 30, 2008 12:48AM PDT

Release Date: 2008-10-30

Critical: Moderately critical
Impact: Cross Site Scripting, Manipulation of data, Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: Venalsur Booking Centre 2.x

Description:
d3b4g has reported two vulnerabilities in Venalsur Booking Centre, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

Solution:
Filter malicious characters and character sequences in a web proxy.

Provided and/or discovered by:
d3b4g

Original Advisory:
http://milw0rm.com/exploits/6876

Typo SQL Injection and Script Insertion Vulnerabilities
Oct 30, 2008 12:50AM PDT

Release Date: 2008-10-30

Critical: Moderately critical
Impact: Cross Site Scripting, Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Typo 5.x

Description:
L4teral has discovered some vulnerabilities in Typo, which can be exploited by malicious users to conduct SQL injection attacks, and by malicious people to conduct script insertion attacks.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
L4teral

Opera closes critical hole in web browser
Oct 30, 2008 1:11AM PDT

Firefox 2: End of supported life approaches
Oct 30, 2008 1:12AM PDT

30 October 2008

In six weeks, support for Firefox 2 will end. Anyone still using Firefox 2 should soon think about upgrading to Firefox 3. Normally, an existing version reaches its end of life (EOL) six months after the introduction of its successor, which would mean, for Firefox 2, mid-December. After that point there would be no more security updates to fix vulnerabilities. Mike Beltzner of Mozilla says two-thirds of Firefox's users have already upgraded to Firefox 3.

More: http://www.heise-online.co.uk/security/Firefox-2-End-of-supported-life-approaches--/news/111829