VULNERABILITIES \ FIXES - October 9, 2008

Release Date: 2008-10-09

Critical:
Moderately critical
Impact: DoS

Where: From remote
Solution Status: Unpatched


Software: Avaya IP Softphone 6.x


Description:
A vulnerability has been reported in Avaya IP Softphone, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when handling overly large amounts of H.323 data and can be exploited to cause a DoS.

The vulnerability is reported in version 6.01.85. Other versions may also be affected.

Solution:
The vendor recommends that local and network access to the affected systems be restricted until an update is available.

Provided and/or discovered by:
VoIPshield

Original Advisory:
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2008-363.htm

VoIPshield:
http://www.voipshield.com/research-details.php?id=125

Release Date: 2008-10-09

Critical:
Moderately critical
Impact: DoS

Where: From remote
Solution Status: Unpatched


Software: Avaya one-X Desktop Edition 2.x

Description:
A vulnerability has been reported in Avaya one-X Desktop Edition, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error in the implementation of the Session Initiation Protocol (SIP) and can be exploited to crash the application.

The vulnerability is reported in version 2.1.0.78. Other versions may also be affected.

Solution:
The vendor recommends that local and network access to the affected systems be restricted until an update is available.

Provided and/or discovered by:
VoIPshield

Original Advisory:
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2008-370.htm

VoIPshield:
http://www.voipshield.com/research-details.php?id=124

Release Date: 2008-10-09

Critical:
Moderately critical
Impact: System access

Where: From remote
Solution Status: Vendor Patch


Software: Avaya Communication Manager 3.x
Avaya Communication Manager 4.x
Avaya Communication Manager 5.x

Description:
Two vulnerabilities have been reported in Avaya Communication Manager, which can be exploited by malicious users to compromise a vulnerable system.

Solution:
CM 3.1.x:
Update to version 3.1.4 SP2 or later.

CM 4.0.x:
Update to version 4.0.3 SP1 or later.

CM 5.0:
Update to version 5.0 SP3 or later.

Provided and/or discovered by:
VoIPshield

Original Advisory:
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm

VoIPshield:
http://www.voipshield.com/research-details.php?id=121
http://www.voipshield.com/research-details.php?id=122

Release Date: 2008-10-09

Critical:
Less critical
Impact: Security Bypass
Spoofing
DoS

Where: From local network
Solution Status: Partial Fix


Software: Nortel Multimedia Communication Server 5100 3.x
Nortel Multimedia Communication Server 5100 4.x

Description:
Some vulnerabilities have been reported in Nortel Multimedia Communication Server 5100, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or cause a DoS (Denial of Service).

Solution:
Use the product only in a trusted network environment.

Vulnerability #2 is partially fixed in version 3.5.9.

Provided and/or discovered by:
VoIPshield

Original Advisory:
Nortel:
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=775223
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=774845

VoIPshield:
http://voipshield.com/research-details.php?id=119
http://voipshield.com/research-details.php?id=120

Release Date: 2008-10-09

Critical:
Less critical
Impact: Security Bypass
Manipulation of data

Where: From remote
Solution Status: Vendor Patch


Software: Drupal 5.x
Drupal 6.x

Description:
Two vulnerabilities have been reported in Drupal, which can be exploited by malicious users to bypass certain security restrictions.

Solution:
Update to version 5.11 or 6.5. Grant the "Administer content with BlogAPI" permission to trusted users only.

Provided and/or discovered by:
1) St

Release Date: 2008-10-09

Critical:
Less critical
Impact: Security Bypass
Exposure of sensitive information

Where: From remote
Solution Status: Vendor Patch


Software: Drupal 5.x

Description:
Two vulnerabilities have been reported in Drupal, which can be exploited by malicious people and users to bypass certain security restrictions.

The vulnerabilities are reported in all 5.x versions prior to 5.11.

Solution:
Update to version 5.11.

Provided and/or discovered by:
1) Damien Tournoud, Drupal security team
2) Derek Wright, Drupal security team

Original Advisory:
DRUPAL-SA-2008-060:
http://drupal.org/node/318706

Release Date: 2008-10-09

Critical:
Moderately critical
Impact: Security Bypass
Manipulation of data

Where: From remote
Solution Status: Vendor Patch


Software: Drupal 6.x

Description:
A vulnerability has been reported in Drupal, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to improper access restriction in the core upload module. This can be exploited to attach arbitrary files to content, without valid credentials.

Successful exploitation requires that the core upload module is enabled.

The vulnerability is reported in all 6.x versions prior to 6.5.

Solution:
Update to version 6.5.

Provided and/or discovered by:
Damien Tournoud, Drupal security team

Original Advisory:
DRUPAL-SA-2008-060:
http://drupal.org/node/318706

SUSE update for MozillaFirefox, MozillaThunderbird, seamonkey, and mozilla

Release Date: 2008-10-09

Critical:
Highly critical
Impact: Security Bypass
Exposure of system information
Exposure of sensitive information
DoS
System access

Where: From remote
Solution Status: Vendor Patch


OS: openSUSE 10.2
openSUSE 10.3
openSUSE 11.0
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Server 9



Software: Novell Open Enterprise Server 1.x

Description:
SUSE has issued an update for MozillaFirefox, MozillaThunderbird, seamonkey, and mozilla. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, to disclose sensitive information, or to potentially compromise a user's system.

Solution:
Apply updated packages.

Original Advisory:
SUSE-SA:2008:050:
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html

Other References:
SA31984:
http://secunia.com/advisories/31984/

SA32007:
http://secunia.com/advisories/32007/

SA32010:
http://secunia.com/advisories/32010/

SA32144:
http://secunia.com/advisories/32144/

Release Date: 2008-10-09

Critical:
Moderately critical
Impact: Security Bypass
Exposure of sensitive information

Where: From remote
Solution Status: Vendor Patch


Software: AJAX Picture Preview 6.x (module for Drupal)
Banner Rotor 6.x (module for Drupal)
Creative Commons Lite 6.x (module for Drupal)
Keyboard shortcut utiilty 6.x (module for Drupal)
Live 6.x (module for Drupal)
LiveJournal CrossPoster 6.x (module for Drupal)
Taxonomy import/export via XML 6.x (module for Drupal)

Description:
A vulnerability has been reported in various modules for Drupal, which can be exploited by malicious people to bypass certain security restrictions or disclose sensitive information.

The vulnerability is caused due to improper access restriction. This can potentially be exploited to display unspecified data or to access administrative functions without valid user credentials.

The vulnerability is reported in the following modules:

* Live prior to version 6.x-1.0
* AJAX Picture Preview prior to version 6.x-1.2
* Banner Rotor prior to version 6.x-1.3
* Creative Commons Lite prior to version 6.x-1.1
* Keyboard shortcut utiilty prior to version 6.x-1.1
* LiveJournal CrossPoster prior to version 6.x-1.4
* Taxonomy import/export via XML prior to version 6.x-1.2

Solution:
Update to:

* Live version 6.x-1.0
* AJAX Picture Preview version 6.x-1.2
* Banner Rotor version 6.x-1.3
* Creative Commons Lite version 6.x-1.1
* Keyboard shortcut utiilty version 6.x-1.1
* LiveJournal CrossPoster version 6.x-1.4
* Taxonomy import/export via XML version 6.x-1.2

Provided and/or discovered by:
John Morahan and Peter Wolanin, Drupal security team

Original Advisory:
DRUPAL-SA-2008-063:
http://drupal.org/node/318739

Release Date: 2008-10-09

Critical:
Moderately critical
Impact: Security Bypass
Cross Site Scripting
Manipulation of data
Privilege escalation

Where: From remote
Solution Status: Unpatched


Software: EveryBlog 5.x (module for Drupal)
EveryBlog 6.x (module for Drupal)

Description:
Some vulnerabilities have been reported in the EveryBlog module for Drupal, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, bypass certain security restrictions, and gain escalated privileges.

Solution:
Use another product as all releases of the module have been removed from Drupal.org.

Provided and/or discovered by:
1-3) Drupal security team
4) The vendor credits Dan Hassel.

Original Advisory:
DRUPAL-SA-2008-061:
http://drupal.org/node/318746

Release Date: 2008-10-09

Critical:
Moderately critical
Impact: Security Bypass
Exposure of sensitive information

Where: From remote
Solution Status: Vendor Patch


Software: SIOC 5.x (module for Drupal)
SIOC 6.x (module for Drupal)

Description:
A vulnerability has been reported in the SIOC (Semantically-Interconnected Online Communities) module for Drupal, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information.

The vulnerability is caused due to improper access restriction. This can be exploited to display comments, hashed e-mail messages, usernames, and roles without valid user credentials.

The vulnerability is reported in all 5.x versions prior to 5.x-1.2 and all 6.x versions prior to 6.x-1.1.

Solution:
Update to version 5.x-1.2 or 6.x-1.1.

Provided and/or discovered by:
St

Release Date: 2008-10-09

Critical:
Moderately critical
Impact: DoS

Where: From remote
Solution Status: Unpatched


OS: Avaya SIP Enablement Services (SES) 3.x



Software: Avaya Communication Manager 3.x
Avaya Communication Manager 4.x
Avaya Communication Manager 5.x

Description:
Avaya has acknowledged some vulnerabilities in various Avaya products, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
The vendor recommends that local and network access to the affected systems be restricted until an update is available.

Original Advisory:
http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm

Other References:
SA29156:
http://secunia.com/advisories/29156/

SA29569:
http://secunia.com/advisories/29569/

SA30886:
http://secunia.com/advisories/30886/

SA31044:
http://secunia.com/advisories/31044/

SA31674:
http://secunia.com/advisories/31674/

Release Date: 2008-10-09

Critical:
Less critical
Impact: Security Bypass
Exposure of sensitive information
DoS

Where: From local network
Solution Status: Vendor Patch


Software: Cisco Unity 4.x
Cisco Unity 5.x
Cisco Unity 7.x

Description:
Some vulnerabilities and a security issue have been reported in Cisco Unity, which can be exploited by malicious, local users to disclose potentially sensitive information, and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

Solution:
Update to version 4.0ES161, 5.0ES53, or 7.0ES8.
http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=274246502

Provided and/or discovered by:
VoIPshield Systems

Original Advisory:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20081008-unity.shtml
http://www.cisco.com/warp/public/707/cisco-sr-20081008-unity.shtml

VoIPshield:
http://www.voipshield.com/research-de...0&sort=discovered&sortby=DESC
http://www.voipshield.com/research-de...0&sort=discovered&sortby=DESC
http://www.voipshield.com/research-de...0&sort=discovered&sortby=DESC

Release Date: 2008-10-09

Critical:
Moderately critical
Impact: System access

Where: From remote
Solution Status: Vendor Patch


Software: Graphviz 2.x

Description:
Roee Hay has discovered a vulnerability in Graphviz, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the "push_subg()" function in lib/graph/parser.c, which can be exploited to cause a memory corruption and potentially execute arbitrary code by e.g. tricking a user into processing a specially crafted dot file.

The vulnerability is confirmed in version 2.20.2. Other versions may also be affected.

Solution:
Update to version 2.20.3.
http://www.graphviz.org/Download.php

Provided and/or discovered by:
Roee Hay

Original Advisory:
http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html

Release Date: 2008-10-09

Critical:
Highly critical
Impact: Security Bypass
Exposure of system information
Exposure of sensitive information
DoS
System access

Where: From remote
Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for iceweasel. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, to disclose sensitive information, or to potentially compromise a user's system.

Solution:
Apply updated packages.

Original Advisory:
DSA-1649-1:
http://lists.debian.org/debian-security-announce/2008/msg00240.html

Other References:
SA31984:
http://secunia.com/advisories/31984/

Release Date: 2008-10-09

Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Vendor Patch


Software: WOW Raid Manager 3.x

Description:
A vulnerability has been reported in WOW Raid Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to an unspecified parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Solution:
Update to version 3.5.1:
http://www.wowraidmanager.net/downloadrel.php

Provided and/or discovered by:
Reported by vendor.

Original Advisory:
Sourceforge:
http://sourceforge.net/project/shownotes.php?release_id=631789

WOW Raid Manager:
http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2044.post

Release Date: 2008-10-09

Critical:
Less critical
Impact: Security Bypass
Manipulation of data
Exposure of sensitive information

Where: From remote
Solution Status: Vendor Patch


Software: vbDrupal 5.x

Description:
Some vulnerabilities have been reported in vbDrupal, which can be exploited by malicious people and users to bypass certain security restrictions.

Solution:
Update to version 5.11.0. Grant the "Administer content with BlogAPI" permission to trusted users only.

Provided and/or discovered by:
Reported in Drupal by Damien Tournoud, Derek Wright, St

Release Date: 2008-10-09

Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: Hispah Text Links Ads 1.x

Description:
Some vulnerabilities have been reported in Hispah Text Links Ads, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "idcat" and "idtl" parameters in index.php (when "action" is set to "buy") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

These vulnerabilities are reported in version 1.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Cyb3r-1sT and an anonymous person.

Original Advisory:
http://milw0rm.com/exploits/6701

Release Date: 2008-10-09

Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: AdMan 1.x

Description:
SuB-ZeRo has reported a vulnerability in AdMan, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "campaignId" parameter in advertiser/editCampaign.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

This vulnerability is reported in version 1.1.20070907. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
SuB-ZeRo

Original Advisory:
http://milw0rm.com/exploits/6702

Release Date: 2008-10-09

Critical:
Moderately critical
Impact: Unknown

Where: From remote
Solution Status: Vendor Patch


Software: YaCy 0.x

Description:
Some vulnerabilities with unknown impacts have been reported in YaCy.

The vulnerabilities are caused due to unspecified errors. No more information is currently available.

Solution:
Update to version 0.61.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://freshmeat.net/projects/yacy/?branch_id=51198&release_id=286006

Release Date: 2008-10-09

Critical:
Moderately critical
Impact: DoS
System access

Where: From remote
Solution Status: Vendor Patch


OS: Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server



Software: WinZip 11.x

WinZip GDI+ Multiple Vulnerabilities
Secunia Advisory: SA32154 Advisory Toolbox:
Issue ticket
Save in to-do list
Mark as handled
Exploit information
Download as PDF
Review actions
Add comment
Release Date: 2008-10-09
Popularity: 210 views


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote
Solution Status: Vendor Patch


OS: Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server



Software: WinZip 11.x



Subscribe: Instant alerts on relevant vulnerabilities


CVE reference: CVE-2007-5348
CVE-2008-3012
CVE-2008-3013
CVE-2008-3014
CVE-2008-3015




Description:
Some vulnerabilities have been reported in WinZip, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to the inclusion of a vulnerable Microsoft "gdiplus.dll" library.


The vulnerabilities are reported in versions 11.0, 11.1, and 11.2 when installed on Windows 2000.

Solution:
Update to version 11.2 SR-1.
http://download.winzip.com/nrb/winzip112.exe

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Winzip:
http://www.winzip.com/wz112sr1.htm

Other References:
SA31675:
http://secunia.com/advisories/31675/

Release Date: 2008-10-09

Critical:
Less critical
Impact: Security Bypass

Where: From remote
Solution Status: Vendor Patch


Software: ModSecurity 2.x

Description:
A vulnerability has been reported in ModSecurity, which potentially can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an error within the transformation caching, which may be exploited to evade ModSecurity under certain unspecified circumstances.

Successful exploitation requires that "SecCacheTransformations" is enabled.

Note: It was also reported that this option is unstable and may crash the web server.

The vulnerability is reported in version 2.5.0 through 2.5.5.

Solution:
Update to version 2.5.6.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://blog.modsecurity.org/2008/08/transformation.html
http://freshmeat.net/projects/modsecurity/?branch_id=34901&release_id=282329

Release Date: 2008-10-09

Critical:
Moderately critical
Impact: DoS
System access

Where: From remote
Solution Status: Unpatched


Software: Avaya Application Enablement Services 3.x

Description:
Avaya has acknowledged a vulnerability in Avaya Application Enablement Services (AES), which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

The vulnerability is reported in version 3.1.6.

Solution:
The vendor recommends that local and network access to the affected systems be restricted until an update is available.

Original Advisory:
http://support.avaya.com/elmodocs2/security/ASA-2008-375.htm

Other References:
SA31610:
http://secunia.com/advisories/31610/

Release Date: 2008-10-09

Critical:
Moderately critical
Impact: Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: Avaya Communication Manager 3.x
Avaya Communication Manager 4.x
Avaya Communication Manager 5.x

Description:
A vulnerability has been reported in Avaya Communication Manager, which can be exploited by malicious people to disclose sensitive information.

The vulnerability is caused due to a configuration error in the included web server and can be exploited to gain access to restricted files (e.g. configuration and log files).

The vulnerability is reported in versions 3.1.x, 4.0.3, and 5.x.

Solution:
The vendor recommends that local and network access to the affected systems be restricted until an update is available.

Provided and/or discovered by:
VoIPshield

Original Advisory:
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2008-394.htm

VoIPshield:
http://www.voipshield.com/research-details.php?id=123

9 October 2008,

The Japanese division of Taiwanese computer and component manufacturer Asus is warning customers that shipping versions of its Eee Box B202 desktop computer are infected with a virus. According to Asus, the virus is located on the D drive in a file called recycled.exe. When the user opens the D drive, the virus is triggered and immediately starts copying itself onto the C drive and any connected USB media.

More: http://www.heise-online.co.uk/security/Asus-warns-of-a-virus-infection-in-shipping-Eee-Boxes--/news/111691

9 October 2008

Cisco has released security updates for its Unity unified messaging system. Unity links with Microsoft Exchange Server and Lotus Notes, integrating voicemail and fax into an enterprise email system, allowing users to access their voicemails over the internet, to listen to emails over the phone server, remotely handle and forward faxes and so on.

More: http://www.heise-online.co.uk/security/Cisco-patches-Unity-Server--/news/111692

October 9th, 2008

Buried in the flurry of feature-related news surrounding the release of Opera 9.6 is the fact that the update fixes an ?extremely severe? vulnerability that could expose Opera users to code execution attacks.

According to an Opera advisory, which is not mentioned anywhere in Opera?s giddy press release, there?s a patch out for an issue where specially crafted addresses could execute arbitrary code.

Here?s how Opera describes the vulnerability, which was discovered and reported by Matasano?s Chris Rohlf:

More: http://blogs.zdnet.com/security/?p=2012

added October 9, 2008 at 03:06 pm

Microsoft has issued a Security Bulletin Advance Notification indicating that its October release cycle will contain 11 bulletins, four of which will have the severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows, Internet Explorer, Host Integration Server, and Office. There will also be six Important bulletins for Microsoft Windows. The remaining bulletin, for Microsoft Windows, will have the severity rating of Moderate. Release of these bulletins is scheduled for Tuesday, October 14.

US-CERT will provide additional information as it becomes available.

http://www.us-cert.gov/current/current_activity.html#microsoft_releases_advance_notification_for17