VULNERABILITIES \ FIXES - September 13, 2007

by Marianna Schmudlach / September 13, 2007 12:45 AM PDT

Mandriva update for librpcsecgss

Secunia Advisory: SA26792
Release Date: 2007-09-13


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Mandriva Linux 2007

Description:
Mandriva has issued an update for librpcsecgss. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

For more information see vulnerability #1:
SA26676

Solution:
Apply updated packages.

Original Advisory:
http://www.mandriva.com/security/advisories?name=MDKSA-2007:181

Other References:
SA26676:
http://secunia.com/advisories/26676/

Mandriva update for id3lib
by Marianna Schmudlach / September 13, 2007 12:47 AM PDT

Secunia Advisory: SA26793
Release Date: 2007-09-13


Critical:
Less critical
Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Patch


OS: Mandriva Linux 2007

Description:
Mandriva has issued an update for id3lib. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.

For more information:
SA26536

Solution:
Apply updated packages.

Original Advisory:
http://www.mandriva.com/security/advisories?name=MDKSA-2007:180

Other References:
SA26536:
http://secunia.com/advisories/26536/

Fedora update for lighttpd
by Marianna Schmudlach / September 13, 2007 12:54 AM PDT

Secunia Advisory: SA26794
Release Date: 2007-09-13


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 7

Description:
Fedora has issued an update for lighttpd. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA26732

Solution:
Apply updated packages.

Original Advisory:
https://www.redhat.com/archives/fedor...announce/2007-September/msg00182.html

Other References:
SA26732:
http://secunia.com/advisories/26732/

Fedora update for samba
by Marianna Schmudlach / September 13, 2007 12:56 AM PDT

Secunia Advisory: SA26795
Release Date: 2007-09-13


Critical:
Less critical
Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Patch


OS: Fedora 7

Description:
Fedora has issued an update for samba. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.

For more information:
SA26764

Solution:
Apply updated packages.

Original Advisory:
https://www.redhat.com/archives/fedor...announce/2007-September/msg00201.html

Other References:
SA26764:
http://secunia.com/advisories/26764/

Fedora update for wordpress
by Marianna Schmudlach / September 13, 2007 12:57 AM PDT

Secunia Advisory: SA26796
Release Date: 2007-09-13


Critical:
Moderately critical
Impact: Cross Site Scripting
Manipulation of data

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 7

Description:
Fedora has issued an update for wordpress. This fixes some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct SQL injection attacks.

For more information:
SA26771

Solution:
Apply updated packages.

Original Advisory:
https://www.redhat.com/archives/fedor...announce/2007-September/msg00199.html

Other References:
SA26771:
http://secunia.com/advisories/26771/

Cisco IOS Regular Expressions Denial of Service
by Marianna Schmudlach / September 13, 2007 1:01 AM PDT

Secunia Advisory: SA26798
Release Date: 2007-09-13


Critical:
Not critical
Impact: DoS

Where: Local system

Solution Status: Unpatched


OS: Cisco IOS 12.x
Cisco IOS R12.x

Description:
A vulnerability has been reported in Cisco IOS, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when handling regular expressions containing repetition operators and pattern recalls. This can be exploited to cause a stack overflow by sending a command with specially crafted regular expressions to the command line interface.

Successful exploitation causes the device to crash and requires a reboot, but requires valid user credentials.

The vulnerability is reported in versions 12.0, 12.1, 12.2, 12.3, and 12.4.

Solution:
Restrict access to trusted people only.

Provided and/or discovered by:
Sebastian Wiesinger

Original Advisory:
http://www.cisco.com/en/US/products/p...ecurity_response09186a00808bb91c.html

Other References:
https://puck.nether.net/pipermail/cisco-nsp/2007-August/043002.html

CS GuestBook User Credentials Information Disclosure
by Marianna Schmudlach / September 13, 2007 1:02 AM PDT

Secunia Advisory: SA26805
Release Date: 2007-09-13


Critical:
Moderately critical
Impact: Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: CS GuestBook 1.x

Description:
Cr@zy_King has discovered a security issue in CS GuestBook, which can be exploited by malicious people to disclose potentially sensitive information.

The security issue is caused due to the user name and password hash being insecurely stored in e.g. /base/usr/0.php inside the web root. This can be exploited to gain knowledge of sensitive information by downloading the file.

The security issue is confirmed in version 1.1 SP1. Other versions may also be affected.

Solution:
Restrict access to sensitive files (e.g. through the ".htaccess" file).

Use another product.

Provided and/or discovered by:
Cr@zy_King

Media Player Classic AVI File Processing Buffer Overflow
by Marianna Schmudlach / September 13, 2007 1:04 AM PDT

Secunia Advisory: SA26806
Release Date: 2007-09-13


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: Media Player Classic 6.x

Description:
Code Audit Labs has discovered a vulnerability in Media Player Classic, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an input validation error when processing .AVI files and can be exploited to cause a buffer overflow via a .AVI file with a specially crafted "indx" chunk.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 6.4.9.0. Other versions may also be affected.

Solution:
Do not open untrusted .AVI files.

Provided and/or discovered by:
Code Audit Labs

Original Advisory:
http://www.vulnhunt.com/advisories/CA...handling_AVI_file_vulnerabilities.txt

Storm Player AVI File Processing Buffer Overflow
by Marianna Schmudlach / September 13, 2007 1:05 AM PDT

Secunia Advisory: SA26807
Release Date: 2007-09-13


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: Storm Player 1.x

Description:
Code Audit Labs has discovered a vulnerability in Storm Player, which can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA26806

The vulnerability is confirmed in version 1.0.4. Other versions may also be affected.

Solution:
Do not open untrusted .AVI files.

Provided and/or discovered by:
Code Audit Labs

Original Advisory:
http://www.vulnhunt.com/advisories/CA...handling_AVI_file_vulnerabilities.txt

Other References:
SA26806:
http://secunia.com/advisories/26806/

MyMPC AVI File Processing Buffer Overflow
by Marianna Schmudlach / September 13, 2007 1:08 AM PDT

Secunia Advisory: SA26808
Release Date: 2007-09-13


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: MyMPC 1.x

Description:
Code Audit Labs has discovered a vulnerability in MyMPC, which can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA26806

The vulnerability is confirmed in version 1.0.0.1. Other versions may also be affected.

Solution:
Do not open untrusted .AVI files.

Provided and/or discovered by:
Code Audit Labs

Original Advisory:
http://www.vulnhunt.com/advisories/CA...handling_AVI_file_vulnerabilities.txt

Other References:
SA26806:
http://secunia.com/advisories/26806/

Public Exploit Code Targeting Firefox and Quicktime
by Marianna Schmudlach / September 13, 2007 1:26 AM PDT

Callisto PhotoParade Player PhPInfo ActiveX Control Buffer Overflow
by Marianna Schmudlach / September 13, 2007 2:49 AM PDT

TITLE:
Callisto PhotoParade Player PhPInfo ActiveX Control Buffer Overflow

SECUNIA ADVISORY ID:
SA26789

VERIFY ADVISORY:
http://secunia.com/advisories/26789/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Callisto PhotoParade Player 5.x
http://secunia.com/product/15719/

DESCRIPTION:
Will Dormann has reported a vulnerability in the Callisto PhotoParade
Player PhPInfo ActiveX control, which potentially can be exploited by
malicious people to compromise a vulnerable system.

The vulnerability is caused due to an unspecified error within the
handling of the "FileVersionOf" property of the PhPinfo ActiveX
control (PhPCtrl.dll), which can be exploited to cause a buffer
overflow by e.g. tricking a user into visiting a malicious website.

Successful exploitation may allow the execution of arbitrary code.

SOLUTION:
Set the kill-bit for the affected ActiveX control.

PROVIDED AND/OR DISCOVERED BY:
Will Dormann, CERT/CC

ORIGINAL ADVISORY:
US-CERT VU#171449:
http://www.kb.cert.org/vuls/id/171449

Invision Power Board Multiple Vulnerabilities
by Marianna Schmudlach / September 13, 2007 4:15 AM PDT

TITLE:
Invision Power Board Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA26788

VERIFY ADVISORY:
http://secunia.com/advisories/26788/

CRITICAL:
Less critical

IMPACT:
Security Bypass, Cross Site Scripting

WHERE:
From remote

SOFTWARE:
Invision Power Board 2.x
http://secunia.com/product/3705/

DESCRIPTION:
Some vulnerabilities have been reported in Invision Power Board,
which can be exploited by malicious users to conduct script insertion
attacks or bypass certain access restrictions.

1) Input passed to unspecified fields in the user profile is not
properly sanitised in ips_kernel/class_ajax.php before being used.
This can be exploited to insert arbitrary HTML and script code, which
is executed in an administrative user's browser session in context of
an affected site when the malicious user's profile is being viewed.

Successful exploitation requires that Invision Power Board is
configured to use character sets different from "iso-8859-1" and
"utf-8".

2) An error exists in the subscription manager when processing
payments. This can be exploited to modify a member's ID via a
specially crafted payment form.

Successful exploitation allows e.g. demoting administrators and
moderators to the subscriber's group, but requires that the
subscription packages are enabled.

The vulnerabilities are reported in versions 2.3.1. Prior versions
may also be affected.

SOLUTION:
Download version 2.3.1, which has been updated to fix the
vulnerabilities.
http://www.invisionpower.com/

Apply the vendor patch.
http://forums.invisionpower.com/index.php?act=attach&type=post&id=11869

Follow the manual patch instructions.
http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits http://www.turkish-media.com/forum/.
2) The vendor credits http://communityseo.com/forums/.

ORIGINAL ADVISORY:
http://forums.invisionpower.com/index.php?showtopic=237075
