Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - September 18, 2008

by Marianna Schmudlach / September 18, 2008 12:21 AM PDT

SUSE update for gnutls

Release Date: 2008-09-18

Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: openSUSE 10.2, openSUSE 10.3, SUSE Linux Enterprise Server 10, SUSE Linux Enterprise Server 9
Software: Novell Open Enterprise Server 1.x

Description:
SuSE has issued an update for gnutls. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library.

Solution:
Apply updated packages.

Original Advisory:
SUSE-SA:2008:046:
http://www.novell.com/linux/security/advisories/2008_46_gnutls.html

Other References:
SA30287:
http://secunia.com/advisories/30287/

TYPO3 phpMyAdmin Extension PHP Code Execution Vulnerability
by Marianna Schmudlach / September 18, 2008 12:22 AM PDT

Release Date: 2008-09-18

Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: phpMyAdmin (phpmyadmin) Extension for TYPO3 3.x

Description:
A vulnerability has been reported in the phpMyAdmin extension for TYPO3, which can be exploited by malicious users to compromise a vulnerable system.

Solution:
Update to version 3.3.0:
http://typo3.org/extensions/repository/view/phpmyadmin/3.3.0/

Provided and/or discovered by:
Originally reported in phpMyAdmin by Norman Hippert.

Original Advisory:
http://typo3.org/teams/security/security-bulletins/typo3-20080916-1/

Other References:
SA31884:
http://secunia.com/advisories/31884/

Drupal Link To Us Module "Link page header" Script Insertion
by Marianna Schmudlach / September 18, 2008 12:24 AM PDT

Release Date: 2008-09-18

Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
Software: Link To Us 5.x (module for Drupal)

Description:
Justin C. Klein Keane has reported a vulnerability in the Link To Us module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

Input passed to the "Link page header" form field in Administer->Site Configuration->Link to Us is not properly sanitised before being stored. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious data is viewed by clicking "Share this page".

Successful exploitation requires valid user credentials.

The vulnerability is reported in version 5.x-1.0.

Solution:
Update to version 5.x-1.1.

Provided and/or discovered by:
Justin C. Klein Keane

Original Advisory:
DRUPAL-SA-2008-052:
http://drupal.org/node/309861

Justin C. Klein Keane:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064527.html

Fedora Directory Server Denial of Service Vulnerabilities
by Marianna Schmudlach / September 18, 2008 12:25 AM PDT

Release Date: 2008-09-18

Critical: Less critical
Impact: DoS
Where: From local network
Solution Status: Vendor Patch
Software: Fedora Directory Server 1.x

Description:
Some vulnerabilities have been reported in Fedora Directory Server, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Update to version 1.1.2.

Original Advisory:
Fedora:
http://directory.fedoraproject.org/wiki/Release_Notes

https://bugzilla.redhat.com/show_bug.cgi?id=452721

Other References:
SA31627:
http://secunia.com/advisories/31627/

Gallery Symlink ZIP Archive Information Disclosure
by Marianna Schmudlach / September 18, 2008 12:26 AM PDT

Release Date: 2008-09-18

Critical: Less critical
Impact: Exposure of system information, Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch
Software: Gallery 1.x, Gallery 2.x

Description:
A vulnerability has been reported in Gallery, which can be exploited by malicious users to disclose sensitive information.

An error in the handling of ZIP archives with symbolic links can be exploited to disclose the contents of arbitrary files.

Successful exploitation requires valid user credentials with the permission to add photos.

The vulnerability is reported in all 1.x versions prior to 1.5.9 and all 2.x versions prior to 2.2.6.

Solution:
Update to version 1.5.9 or 2.2.6.

Provided and/or discovered by:
The vendor credits Alex Ustinov.

Original Advisory:
http://gallery.menalto.com/gallery_1.5.9_released
http://gallery.menalto.com/gallery_2.2.6_released
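
The symlink-in-ZIP issue described in this advisory, as an added defensive example (not part of the original post and not Gallery's code): a Python check that lists archive members flagged as symbolic links and accepts only regular image files before anything is extracted. The function names, the allowed extensions and the sample archive are assumptions constructed for illustration.

```python
import io
import stat
import zipfile

# On Unix-created archives the file mode is stored in the high 16 bits
# of each entry's external_attr field.
S_IFLNK_ATTR = (stat.S_IFLNK | 0o777) << 16


def find_symlink_entries(zip_bytes):
    """Return the names of members whose stored Unix mode marks them as symlinks."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [info.filename for info in zf.infolist()
                if stat.S_ISLNK(info.external_attr >> 16)]


def safe_members(zip_bytes, allowed_ext=(".jpg", ".jpeg", ".png", ".gif")):
    """Split member names into (accepted, rejected) for a photo upload.

    A member is accepted only if it is a regular file (or carries no Unix
    file type at all), has no absolute or parent-directory path component,
    and ends in an allowed image extension.
    """
    accepted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            file_type = stat.S_IFMT(info.external_attr >> 16)
            name = info.filename
            is_regular = file_type in (0, stat.S_IFREG)
            traversal = name.startswith("/") or ".." in name.split("/")
            if is_regular and not traversal and name.lower().endswith(allowed_ext):
                accepted.append(name)
            else:
                rejected.append(name)
    return accepted, rejected


def build_sample_zip():
    """Constructed sample: one ordinary image entry and one symlink entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday.jpg", b"\xff\xd8\xff\xe0 constructed image bytes")
        link = zipfile.ZipInfo("notes.jpg")
        link.create_system = 3  # 3 = Unix, so external_attr is read as a mode
        link.external_attr = S_IFLNK_ATTR
        # For a symlink entry the stored data is the link target (constructed path).
        zf.writestr(link, "../../outside-upload-dir.txt")
    return buf.getvalue()


if __name__ == "__main__":
    data = build_sample_zip()
    print("symlink entries:", find_symlink_entries(data))
    print("accepted / rejected:", safe_members(data))
```

The file extension alone is not enough here: the symlink entry is named `notes.jpg` and is only caught by inspecting the stored mode bits.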

Drupal Talk Module Script Insertion and Security Bypass
by Marianna Schmudlach / September 18, 2008 12:27 AM PDT

Release Date: 2008-09-18

Critical: Less critical
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch
Software: Talk 5.x (module for Drupal), Talk 6.x (module for Drupal)

Description:
Two vulnerabilities have been reported in the Talk module for Drupal, which can be exploited by malicious users to conduct script insertion attacks, and by malicious people to bypass certain security restrictions.

Solution:
Update to version 5.x-1.3 or 6.x-1.5.

Provided and/or discovered by:
The vendor credits christefano.

Original Advisory:
DRUPAL-SA-2008-049:
http://drupal.org/node/309758

FFmpeg libavformat gifdec.c GIF Processing Denial of Service
by Marianna Schmudlach / September 18, 2008 12:29 AM PDT

Release Date: 2008-09-18

Critical: Not critical
Impact: DoS
Where: From remote
Solution Status: Unpatched
Software: FFmpeg 0.x

Description:
A vulnerability has been reported in FFmpeg, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within libavformat/gifdec.c when processing malformed GIF images. This can be exploited to e.g. crash an application using the library via a specially crafted GIF file.

Solution:
The vendor removed the vulnerable file in the GIT repository. Do not process untrusted GIF images.

Provided and/or discovered by:
Sam Hocevar

Original Advisory:
https://roundup.mplayerhq.hu/roundup/ffmpeg/issue530

FlexNET Connect Insecure Script Execution Vulnerability
by Marianna Schmudlach / September 18, 2008 12:30 AM PDT

Release Date: 2008-09-18

Critical: Less critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Acresso FLEXnet Connect, Macrovision FLEXnet Connect 6.x, Macrovision InstallShield

Description:
Brian Dowling has reported a vulnerability in FlexNET Connect, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to the client retrieving and executing script code ("rules") from update servers in an insecure manner, which can be exploited to execute arbitrary code when a client checks for updates. This check can e.g. be triggered via the FLEXnet Connect ActiveX control when a user visits a specially crafted web page.

Successful exploitation requires e.g. a MitM (Man-in-the-Middle) or DNS spoofing attack.

This vulnerability is reported in Acresso FlexNET Connect, Macrovision FlexNET Connect, and InstallShield Update Service.

Solution:
Disable the update service to prevent receiving update rules.

Provided and/or discovered by:
Brian Dowling, Simplicity Communications

Original Advisory:
Simplicity Communications:
http://www.simplicity.net/vuln/CVE-2008-1093.txt

Other References:
US-CERT VU#837092:
http://www.kb.cert.org/vuls/id/837092

Sun Solaris Editors Tag File Handling Privilege Escalation
by Marianna Schmudlach / September 18, 2008 12:31 AM PDT

Release Date: 2008-09-18

Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch
OS: Sun Solaris 10, Sun Solaris 8, Sun Solaris 9

Description:
A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to an unspecified error within the handling of tag files in the Solaris editors (vi, ex, vedit, view, and edit). This can be exploited to execute arbitrary code with privileges of another user when the "-t" option or the ":tag" command in a Solaris text editor is used.

The vulnerability is reported in Solaris 8, 9, and 10 for the SPARC and x86 platforms.

Solution:
Apply patches.

Provided and/or discovered by:
The vendor credits Eli the Bearded.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-237987-1

Data Dynamics ActiveReports ARViewer2 ActiveX Control Insecu
by Marianna Schmudlach / September 18, 2008 12:32 AM PDT

Release Date: 2008-09-18

Critical: Highly critical
Impact: Manipulation of data, System access
Where: From remote
Solution Status: Unpatched
Software: Data Dynamics ActiveReports 2.x

Description:
Tan Chew Keong has reported some vulnerabilities in Data Dynamics ActiveReports, which can be exploited by malicious people to overwrite arbitrary files and compromise a user's system.

The vulnerabilities are caused due to the DDActiveReportsViewer2.ARViewer2 (ARVIEW2.OCX) ActiveX control including the insecure methods "Pages.Save()", "PrintReport()", and "Canvas.Save()", which write to a file specified as an argument. This can be exploited to overwrite and corrupt arbitrary files on the system in the context of the currently logged-on user. The "Canvas.Save()" method further allows writing user specified data into arbitrary files.

Successful exploitation requires that a user is e.g. tricked into visiting a malicious website.

The vulnerabilities are reported in Data Dynamics ActiveReport Professional Edition Build 2.5.0.1314 (ARView2.ocx version 2.5.0.1314). Other versions may also be affected.

Solution:
Set the kill-bit for the affected ActiveX control.

Provided and/or discovered by:
Tan Chew Keong, vuln.sg

Original Advisory:
http://vuln.sg/ddarviewer2501314-en.html

Drupal Mailsave Module MIME Type Script Insertion
by Marianna Schmudlach / September 18, 2008 12:33 AM PDT

Release Date: 2008-09-18

Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
Software: Mailsave 5.x (module for Drupal), Mailsave 6.x (module for Drupal)

Description:
A vulnerability has been reported in the Mailsave module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

Input passed as MIME media types in e-mail messages with attached files is not properly verified before being stored. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious data is viewed.

Successful exploitation requires valid user credentials.

The vulnerability is reported in all 5.x versions prior to 5.x-3.3 and all 6.x versions prior to 6.x-1.3.

Solution:
Update to version 5.x-3.3 or 6.x-1.3.

Provided and/or discovered by:
The vendor credits Mark Burdett.

Original Advisory:
DRUPAL-SA-2008-051:
http://drupal.org/node/309802

rPath update for wireshark
by Marianna Schmudlach / September 18, 2008 12:35 AM PDT

Release Date: 2008-09-18

Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: rPath Linux 1.x

Description:
rPath has issued an update for wireshark. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Update to:
wireshark=conary.rpath.com@rpl:1/1.0.3-0.1-1

Original Advisory:
https://issues.rpath.com/browse/RPL-2835

Other References:
SA31674:
http://secunia.com/advisories/31674/

Drupal Mailhandler Module Unspecified SQL Injection
by Marianna Schmudlach / September 18, 2008 12:36 AM PDT

Release Date: 2008-09-18

Critical: Less critical
Impact: Manipulation of data, Privilege escalation
Where: From remote
Solution Status: Vendor Patch
Software: Mailhandler 5.x (module for Drupal), Mailhandler 6.x (module for Drupal)

Description:
A vulnerability has been reported in the Mailhandler module for Drupal, which can be exploited by malicious users to conduct SQL injection attacks.

Input passed to unspecified parameters is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. getting administrator access, but requires valid user credentials.

The vulnerability is reported in all 5.x versions prior to 5.x-1.4 and all 6.x versions prior to 6.x-1.4.

Solution:
Update to version 5.x-1.4 or 6.x-1.4.

Provided and/or discovered by:
The vendor credits Zohar Stolar.

Original Advisory:
DRUPAL-SA-2008-050:
http://drupal.org/node/309769

Gallery Flash Animation Script Insertion Vulnerability
by Marianna Schmudlach / September 18, 2008 12:37 AM PDT

Release Date: 2008-09-18

Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
Software: Gallery 2.x

Description:
A vulnerability has been reported in Gallery, which can be exploited by malicious users to conduct script insertion attacks.

Input from uploaded Flash animations is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious data is viewed.

Successful exploitation requires valid user credentials.

The vulnerability is reported in all 2.x versions prior to 2.2.6.

Solution:
Update to version 2.2.6.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://gallery.menalto.com/gallery_2.2.6_released

Accellion File Transfer Appliance "api_error_email.html" Se
by Marianna Schmudlach / September 18, 2008 12:38 AM PDT

Release Date: 2008-09-18

Critical: Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch
Software: Accellion File Transfer Appliance 7.x

Description:
Eric BEAULIEU has reported a vulnerability in Accellion File Transfer Appliance, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to the "courier/1000@/api_error_email.html" script allowing emails to be sent to arbitrary addresses, which can be exploited to e.g. send spam mails via specially crafted HTTP requests to an affected system.

The vulnerability is reported in versions prior to version FTA_7_0_189.

Solution:
Update to version FTA_7_0_189.

Provided and/or discovered by:
Eric BEAULIEU

Original Advisory:
http://zebux.free.fr/pub/Advisory/Adv..._SPAM_Engine_Vulnerability_200808.txt

WebPortal CMS "aid" SQL Injection Vulnerability
by Marianna Schmudlach / September 18, 2008 12:39 AM PDT

Release Date: 2008-09-18

Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched
Software: WebPortal CMS 0.7.x

Description:
StAkeR has discovered a vulnerability in WebPortal CMS, which can be exploited by malicious people to conduct SQL injection attacks.

Input to the "aid" parameter in download.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

This vulnerability is confirmed in version 0.7.4. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
StAkeR

Original Advisory:
http://milw0rm.com/exploits/6443

Denora IRC Stats Denial of Service Vulnerability
by Marianna Schmudlach / September 18, 2008 12:42 AM PDT

Release Date: 2008-09-18

Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: Denora IRC Stats 1.x

Description:
A vulnerability has been reported in Denora IRC Stats, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error related to the handling of ctcp version replies and can potentially be exploited to crash the service.

The vulnerability is reported in versions prior to 1.4.1.

Solution:
Update to version 1.4.1 or later.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://dev.denorastats.org/news/show/4

Adobe Releases Security Advisory for Mac Illustrator
by Marianna Schmudlach / September 18, 2008 12:44 AM PDT

added September 18, 2008 at 08:56 am

Adobe has released a Security Advisory to alert users of potential vulnerabilities affecting the Macintosh version of Illustrator CS2. By convincing a user to open a malicious Adobe Illustrator file, an attacker may be able to execute arbitrary code.

In the advisory, Adobe recommends that users exercise caution when receiving unsolicited or suspicious files. Adobe also states that they are currently unaware of any public exploitation of these vulnerabilities.

US-CERT will provide more information as it becomes available.


http://www.us-cert.gov/current/current_activity.html#adobe_releases_security_advisory_for
