Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - September 28, 2007

by Marianna Schmudlach / September 28, 2007 1:49 AM PDT

Internet Explorer "OnKeyDown" Event Focus Weakness

Secunia Advisory: SA27007
Release Date: 2007-09-28


Critical:
Not critical
Impact: Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: Microsoft Internet Explorer 6.x

Description:
Ronald van den Heetkamp has discovered a weakness in Internet Explorer, which potentially can be exploited by malicious people to disclose sensitive information.

For more information:
SA25904

The weakness is confirmed in Internet Explorer 6.0 on a fully-patched Windows XP SP2 system. Other versions may also be affected.

Solution:
Disable Active Scripting support.

Do not enter suspicious text when visiting untrusted web sites.

Provided and/or discovered by:
Ronald van den Heetkamp

Original Advisory:
http://www.0x000000.com/index.php?i=437

Other References:
SA25904:
http://secunia.com/advisories/25904/

Aipo / Aipo ASP Session Fixation Vulnerability
by Marianna Schmudlach / September 28, 2007 1:50 AM PDT

Secunia Advisory: SA27004
Release Date: 2007-09-28


Critical:
Less critical
Impact: Hijacking

Where: From remote

Solution Status: Vendor Patch


Software: Aipo 3.x
Aipo ASP 3.x



Description:
A vulnerability has been reported in Aipo and Aipo ASP, which can be exploited by malicious people to conduct session fixation attacks.

The vulnerability is caused due to an error in the handling of sessions and can be exploited to hijack a user's session by tricking the user into logging in after following a specially crafted link.

The vulnerability is reported in version 3.0.1.0. Other versions may also be affected.

Solution:
Update to version 3.2.0.4.
http://aipo.aimluck.com/download/update.html

Provided and/or discovered by:
JVN credits Ishikawa Hiroshi

Original Advisory:
http://jvn.jp/jp/JVN%2370075625/index.html
http://aipo.aimluck.com/download/update.html
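Added example, not code from the advisory or from Aipo: a minimal Python session layer that shows the mechanism the advisory describes. The server accepts whatever session ID the client presents; if that ID survives a successful login, an attacker who planted it (for instance through a crafted link carrying the ID) can present the same ID afterwards and be treated as the victim. Rotating the session ID at login is the standard fix. SessionStore, the two login functions, the "alice" credentials and the planted ID are all constructed stand-ins for illustration.

```python
"""Session fixation: attacker-chosen session ID survives login unless the
server issues a fresh ID when the user authenticates.

Constructed example; SessionStore and the login functions stand in for a
web framework's session layer, USERS is made-up test data."""
import secrets


class SessionStore:
    def __init__(self):
        self.sessions = {}  # session_id -> {"user": name or None}

    def get_or_create(self, session_id):
        # Accepts any ID the client presents (cookie or URL parameter).
        # Accepting client-chosen IDs is what makes fixation possible.
        if session_id not in self.sessions:
            self.sessions[session_id] = {"user": None}
        return session_id

    def whoami(self, session_id):
        return self.sessions.get(session_id, {}).get("user")


USERS = {"alice": "correct horse"}  # constructed credentials


def login_vulnerable(store, session_id, user, password):
    """Authenticates but keeps the pre-login session ID."""
    sid = store.get_or_create(session_id)
    if USERS.get(user) != password:
        return None
    store.sessions[sid]["user"] = user
    return sid


def login_fixed(store, session_id, user, password):
    """Authenticates and rotates the session ID, so an ID the attacker
    planted before login is abandoned and never becomes authenticated."""
    old = store.get_or_create(session_id)
    if USERS.get(user) != password:
        return None
    store.sessions.pop(old, None)
    new = secrets.token_urlsafe(32)
    store.sessions[new] = {"user": user}
    return new


def fixation_attack(login):
    """Attacker plants 'attacker_sid', victim logs in carrying that ID,
    attacker then replays the planted ID. Returns the user the attacker
    is recognised as (None means the attack failed)."""
    store = SessionStore()
    planted = "attacker_sid"
    store.get_or_create(planted)                      # attacker plants an ID
    login(store, planted, "alice", "correct horse")  # victim logs in with it
    return store.whoami(planted)                      # attacker replays it


if __name__ == "__main__":
    print("vulnerable:", fixation_attack(login_vulnerable))  # alice
    print("fixed:     ", fixation_attack(login_fixed))       # None
```

The check to apply to any session implementation is the one `fixation_attack` performs: log in with a session ID you chose before authentication and see whether that same ID is now authenticated.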

Gentoo update for lighttpd
by Marianna Schmudlach / September 28, 2007 1:51 AM PDT

Secunia Advisory: SA26997
Release Date: 2007-09-28


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for lighttpd. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA26732

Solution:
Update to "www-servers/lighttpd-1.4.18" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200709-16.xml

Other References:
SA26732:
http://secunia.com/advisories/26732/

Red Hat update for kernel
by Marianna Schmudlach / September 28, 2007 1:53 AM PDT

Secunia Advisory: SA26995
Release Date: 2007-09-28


Critical:
Less critical
Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Patch


OS: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 4

Description:
Red Hat has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.

For more information:
SA26934

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
https://rhn.redhat.com/errata/RHSA-2007-0936.html
https://rhn.redhat.com/errata/RHSA-2007-0937.html
https://rhn.redhat.com/errata/RHSA-2007-0938.html

Other References:
SA26934:
http://secunia.com/advisories/26934/

IBM WebSphere Application Server for z/OS HTTP Server Vulnerabilities
by Marianna Schmudlach / September 28, 2007 1:54 AM PDT

Secunia Advisory: SA26993
Release Date: 2007-09-28


Critical:
Less critical
Impact: Cross Site Scripting
DoS

Where: From remote

Solution Status: Vendor Patch


Software: IBM HTTP Server 6.1.x
IBM WebSphere Application Server 6.1.x

Description:
IBM has acknowledged some vulnerabilities in IBM WebSphere Application Server for z/OS, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or by malicious people to conduct cross-site scripting attacks or cause a DoS (Denial of Service).

For more information:
SA25830
SA26458
SA26722
SA26759

Solution:
Apply APAR PK52702.

Original Advisory:
http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702
http://www-1.ibm.com/support/docview.wss?uid=swg1PK49295
http://www-1.ibm.com/support/docview.wss?uid=swg1PK49355
http://www-1.ibm.com/support/docview.wss?uid=swg1PK50467
http://www-1.ibm.com/support/docview.wss?uid=swg1PK50469

Other References:
SA25830:
http://secunia.com/advisories/25830/

SA26458:
http://secunia.com/advisories/26458/

SA26722:
http://secunia.com/advisories/26722/

SA26759:
http://secunia.com/advisories/26759/

IntegraMOD Nederland(s) "phpbb_root_path" File Inclusion
by Marianna Schmudlach / September 28, 2007 1:55 AM PDT

Secunia Advisory: SA26991
Release Date: 2007-09-28


Critical:
Highly critical
Impact: Exposure of system information
Exposure of sensitive information
System access

Where: From remote

Solution Status: Unpatched


Software: IntegraMOD Nederland(s) 1.x



Description:
xoron has discovered a vulnerability in IntegraMOD Nederland(s), which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.

Input passed to the "phpbb_root_path" parameter in includes/archive/archive_topic.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability is confirmed in version 1.4.2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
xoron

Original Advisory:
http://milw0rm.com/exploits/4463
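Added example, not code from the advisory or from IntegraMOD: the advisory's point is that a request-controlled path prefix ("phpbb_root_path", populated from the request because register_globals is on) reaches an include without verification, so it can point at a remote URL or at an arbitrary local file. In PHP the proper fix is to hard-code that prefix in the script rather than read it from the request at all; the Python below shows the general confinement check for any include-like parameter that must be accepted: refuse URL schemes (remote inclusion), refuse embedded NUL bytes, canonicalise, and require the result to stay under the web root. ALLOWED_ROOT and the file names are assumed values for illustration.

```python
"""Confining an include path to the web root.

Constructed example; ALLOWED_ROOT is an assumed install directory."""
import os
from urllib.parse import urlparse

ALLOWED_ROOT = os.path.realpath("/var/www/forum")  # assumed install dir


def resolve_include(root_param, relative_file):
    """Return the absolute path to include, or raise ValueError.

    root_param is the untrusted prefix (the role phpbb_root_path plays),
    relative_file is the script's own fixed file name."""
    if "\x00" in root_param or "\x00" in relative_file:
        raise ValueError("NUL byte in path")            # truncation tricks
    if urlparse(root_param).scheme:
        raise ValueError("remote include rejected")     # http://, ftp://, php://, data:
    # os.path.join discards ALLOWED_ROOT if root_param is absolute, and
    # realpath collapses "../" and symlinks, so the containment test below
    # sees the path the include would actually open.
    candidate = os.path.realpath(os.path.join(ALLOWED_ROOT, root_param, relative_file))
    if os.path.commonpath([ALLOWED_ROOT, candidate]) != ALLOWED_ROOT:
        raise ValueError("path escapes web root")
    return candidate


def include_allowed(root_param, relative_file):
    """Boolean wrapper for quick checks."""
    try:
        resolve_include(root_param, relative_file)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for prefix in ["includes", "./", "../../../etc/", "/etc/",
                   "http://attacker.example/shell.txt?", "includes\x00"]:
        print(repr(prefix), "->", include_allowed(prefix, "archive_topic.php"))
```

Note that the allow-list check is on the canonicalised path, not on the raw string; rejecting "../" textually misses absolute paths, URL schemes and NUL truncation, which is why all four checks are present.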

NukeSentinel "write_ban()" SQL Injection
by Marianna Schmudlach / September 28, 2007 1:57 AM PDT

Secunia Advisory: SA26990
Release Date: 2007-09-28


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: NukeScripts NukeSentinel 2.x

Description:
Janek Vind has reported a vulnerability in NukeSentinel, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "admin" cookie in the "write_ban()" function in includes/nukesentinel.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 2.5.12. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Janek Vind a.k.a. waraxe

Original Advisory:
http://www.waraxe.us/advisory-58.html
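Added example, not code from the advisory or from NukeSentinel: the bug class is a cookie value spliced into a SQL string. Cookies are attacker-controlled just like GET and POST parameters, and an admin cookie is a particularly attractive target because the query it feeds usually decides who is an administrator. The Python below builds an in-memory SQLite table, runs the same lookup once with string formatting and once with a bound parameter, and shows a crafted cookie returning an admin row it should not. The "aid:hash" cookie layout, the admins table and the SELECT are constructed stand-ins, not NukeSentinel's actual cookie format or query.

```python
"""Cookie-driven SQL injection, vulnerable and parameterised variants.

Constructed example; the table, cookie layout and query are stand-ins."""
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admins (aid TEXT, level INTEGER)")
    conn.executemany("INSERT INTO admins VALUES (?, ?)",
                     [("root", 1), ("helpdesk", 0)])  # constructed rows
    conn.commit()
    return conn


def admin_from_cookie(cookie):
    """Assumed cookie layout 'aid:hash'; the aid part is untrusted."""
    return cookie.split(":", 1)[0]


def lookup_vulnerable(conn, cookie):
    aid = admin_from_cookie(cookie)
    # Attacker-controlled text becomes part of the SQL grammar.
    sql = "SELECT aid FROM admins WHERE aid='%s' AND level=1" % aid
    return [row[0] for row in conn.execute(sql)]


def lookup_fixed(conn, cookie):
    aid = admin_from_cookie(cookie)
    # Bound parameter: the value can never change the query's structure.
    return [row[0] for row in conn.execute(
        "SELECT aid FROM admins WHERE aid=? AND level=1", (aid,))]


# Crafted cookie: the aid part closes the quote and appends OR '1'='1'.
INJECTED_COOKIE = "x' OR '1'='1:irrelevant"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, INJECTED_COOKIE))  # ['root']
    print("fixed:     ", lookup_fixed(db, INJECTED_COOKIE))       # []
```

The vulnerable query becomes `WHERE aid='x' OR '1'='1' AND level=1`; since AND binds tighter than OR, the level-1 row is returned for a cookie that names no real admin.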

Apple iPhone Multiple Vulnerabilities
by Marianna Schmudlach / September 28, 2007 1:58 AM PDT

Secunia Advisory: SA26983
Release Date: 2007-09-28


Critical:
Moderately critical
Impact: Hijacking
Security Bypass
Cross Site Scripting
Exposure of sensitive information
DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Apple iPhone 1.x

Description:
Some vulnerabilities, security issues, and a weakness have been reported in the Apple iPhone, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), or to compromise a vulnerable system.

1) An input validation error when handling SDP (Service Discovery Protocol) packets exists in the iPhone's Bluetooth server. This can be exploited by an attacker in Bluetooth range to cause the application to crash or to execute arbitrary code by sending specially crafted SDP packets.

Successful exploitation requires that Bluetooth is enabled.

2) The problem is that users are not notified about changes of mail servers' identities when Mail is configured to use SSL for incoming and outgoing connections. This can be exploited e.g. to impersonate the user's mail server and obtain the user's email credentials.

Successful exploitation requires a MitM (Man-in-the-Middle) attack.

3) It is possible to cause the iPhone to call a phone number without user confirmation by enticing a user to follow a "tel:" link in a mail message.

4) An error in Safari in the handling of new browser windows can be exploited to disclose the URL of an unrelated page.

For more information see vulnerability #2 in:
SA23893

5) An error in Safari in the handling of "tel:" links can be exploited to cause the iPhone to dial a different number than the one being displayed in the confirmation dialog. Exiting Safari during the confirmation process may result in unintentional confirmation.

6) An error in Safari can be exploited to set Javascript window properties of pages served from other websites when a malicious web site is viewed.

7) Disabling Javascript in Safari does not take effect until Safari is restarted.

8) An error in Safari allows a malicious website to bypass the same-origin policy using "frame" tags. This can be exploited to execute Javascript code in the context of another site when a user visits a malicious web page.

9) An error in Safari allows Javascript events to be associated with the wrong frame. This can be exploited to execute Javascript code in context of another site when a user visits a malicious web page.

10) An error in Safari allows content served over HTTP to alter or access content served over HTTPS in the same domain. This can be exploited to execute Javascript code in context of HTTPS web pages in that domain when a user visits a malicious web page.

Solution:
Update to version 1.1.1 (downloadable and installable via iTunes).

Provided and/or discovered by:
The vendor credits:
1) Kevin Mahaffey and John Hering of Flexilis Mobile Security
3) Andi Baritchi, McAfee
4) Michal Zalewski, Google Inc. and Secunia Research
5) Billy Hoffman and Bryan Sullivan of HP Security Labs (formerly SPI Labs) and Eduardo Tang
6, 8) Michal Zalewski, Google Inc.
10) Keigo Yamazaki of LAC Co., Ltd.

Original Advisory:
http://docs.info.apple.com/article.html?artnum=306586

Other References:
SA23893:
http://secunia.com/advisories/23893/

Gentoo update for tetex
by Marianna Schmudlach / September 28, 2007 1:59 AM PDT

Secunia Advisory: SA26982
Release Date: 2007-09-28


Critical:
Moderately critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for tetex. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA26293

Solution:
Update to "app-text/tetex-3.0_p1-r4" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200709-17.xml

Other References:
SA26293:
http://secunia.com/advisories/26293/

Mandriva update for t1lib
by Marianna Schmudlach / September 28, 2007 2:01 AM PDT

Secunia Advisory: SA26981
Release Date: 2007-09-28


Critical:
Less critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Mandriva Linux 2007

Description:
Mandriva has issued an update for t1lib. This fixes a vulnerability, which can be exploited by malicious users to potentially compromise a vulnerable system.

For more information:
SA26241

Solution:
Apply updated packages.

Original Advisory:
http://www.mandriva.com/security/advisories?name=MDKSA-2007:189

Other References:
SA26241:
http://secunia.com/advisories/26241/

rPath update for kernel
by Marianna Schmudlach / September 28, 2007 2:05 AM PDT

Secunia Advisory: SA26980
Release Date: 2007-09-28


Critical:
Not critical
Impact: Exposure of sensitive information

Where: Local system

Solution Status: Vendor Patch


OS: rPath Linux 1.x

Description:
rPath has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to disclose potentially sensitive information.

For more information:
SA26918

Solution:
Update to "kernel=/conary.rpath.com@rpl:devel//1/2.6.22.9-0.1-1".

Original Advisory:
http://lists.rpath.com/pipermail/security-announce/2007-September/000253.html

Other References:
SA26918:
http://secunia.com/advisories/26918/

Ubuntu update for libmodplug
by Marianna Schmudlach / September 28, 2007 2:08 AM PDT

Secunia Advisory: SA26979
Release Date: 2007-09-28


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Ubuntu Linux 6.06
Ubuntu Linux 6.10

Description:
Ubuntu has issued an update for libmodplug. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

For more information:
SA22658

Solution:
Apply updated packages.

Original Advisory:
http://www.ubuntu.com/usn/usn-521-1

Other References:
SA22658:
http://secunia.com/advisories/22658/

Debian update for kernel
by Marianna Schmudlach / September 28, 2007 2:09 AM PDT

Secunia Advisory: SA26978
Release Date: 2007-09-28


Critical:
Less critical
Impact: Security Bypass
Privilege escalation
DoS

Where: Local system

Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0

Description:
Debian has issued an update for the kernel. This fixes some security issues and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, or gain escalated privileges.

For more information:
SA23955
SA26934
SA26935

This also fixes a security issue in the JFFS2 file system, where legacy modes were not correctly saved to the medium when POSIX ACL was enabled or ACL was set. This could result in insecure file permissions after a remount of an affected file system.

Solution:
Apply updated packages.

Provided and/or discovered by:
JFFS2 file system security issue originally reported by Michael Stone in an OLPC project bug report.

Original Advisory:
http://www.us.debian.org/security/2007/dsa-1378

Other References:
SA23955:
http://secunia.com/advisories/23955/

SA26934:
http://secunia.com/advisories/26934/

SA26935:
http://secunia.com/advisories/26935/

OLPC:
http://dev.laptop.org/ticket/2732

Mandriva update for kdebase
by Marianna Schmudlach / September 28, 2007 2:11 AM PDT

Secunia Advisory: SA26977
Release Date: 2007-09-28


Critical:
Not critical
Impact: Security Bypass

Where: Local system

Solution Status: Vendor Patch


OS: Mandriva Linux 2007

Description:
Mandriva has issued an update for kdebase. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions.

For more information:
SA26894

Solution:
Apply updated packages.

Original Advisory:
http://www.mandriva.com/security/advisories?name=MDKSA-2007:190

Other References:
SA26894:
http://secunia.com/advisories/26894/

Sun Java System Access Manager Two Security Issues
by Marianna Schmudlach / September 28, 2007 2:12 AM PDT

Secunia Advisory: SA26976
Release Date: 2007-09-28


Critical:
Moderately critical
Impact: Security Bypass

Where: From remote

Solution Status: Vendor Workaround


Software: Sun Java System Access Manager 7.x

Description:
Two security issues have been reported in Sun Java System Access Manager, which can be exploited by malicious people to bypass certain security restrictions.

1) An unspecified error in Sun Java System Access Manager can cause container-based authentication to work incorrectly. This can be exploited to access administrative applications, e.g. the Admin Console.

Successful exploitation requires that Sun Java System Access Manager is installed in a Sun Java System Application Server 9.1 container and the container is restarted.

2) An unspecified error in Sun Java System Access Manager can potentially be exploited to execute arbitrary code with the privileges of a deployed application.

Successful exploitation requires that Sun Java Access Manager is installed in a Sun Java System Application Server 8.x container.

The security issues are reported in Sun Java Access Manager 7.1 for Solaris 8, 9, and 10 for both the SPARC and x86 platforms, and for Linux, Windows, and HP-UX.

Solution:
The vendor recommends editing the "server.policy" file (please see vendor advisory for details).

A final resolution is reportedly pending completion.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103069-1

ICEOWS IceGUI.DLL ACE Archive Processing Buffer Overflow
by Marianna Schmudlach / September 28, 2007 2:13 AM PDT

Secunia Advisory: SA26973
Release Date: 2007-09-28


Critical:
Moderately critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: ICEOWS 4.x

Description:
Tan Chew Keong has discovered a vulnerability in ICEOWS, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an input validation error in IceGUI.DLL when processing ACE archives. This can be exploited to cause a stack-based buffer overflow via a specially crafted ACE archive with an overly large filename size in the header.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 4.20b. Other versions may also be affected.

Solution:
Do not extract or open untrusted .ACE archives.

Provided and/or discovered by:
Tan Chew Keong

Original Advisory:
http://vuln.sg/iceows420b-en.html

Xunlei Thunder DapPlayer ActiveX Control Buffer Overflow
by Marianna Schmudlach / September 28, 2007 2:15 AM PDT

Secunia Advisory: SA26964
Release Date: 2007-09-28


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: Xunlei Thunder 5.x

Description:
7jdg has reported a vulnerability in Xunlei Thunder, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the DPClient.Vod.1 ActiveX control (DapPlayer_Now.dll) when handling arguments passed to the "DownURL2()" method. This can be exploited to cause a buffer overflow by passing an overly long argument to the affected method.

Successful exploitation allows execution of arbitrary code.

The vulnerability is reported in version 5.6.9.344. Other versions may also be affected.

Solution:
Set the kill-bit for the affected ActiveX control.

Provided and/or discovered by:
7jdg

Original Advisory:
http://1v1.name/show-283-1.html

UPDATE: Google's Gmail CSRF Vulnerability
by Marianna Schmudlach / September 28, 2007 6:13 AM PDT

updated September 28, 2007 at 01:27 pm

US-CERT is aware of a publicly reported cross-site request forgery vulnerability in Google's Gmail. A cross-site request forgery vulnerability may allow a request from an attacker to be interpreted as originating from an authenticated user. Public reports indicate that this vulnerability may allow an attacker to create arbitrary filters for a user's Gmail account.

Until a security fix becomes available, US-CERT recommends users take the following actions that may help mitigate the security risk:

Use a dedicated browser or browsing profile for accessing Gmail accounts.
Use the Google POP service.

Disabling Javascript may partially mitigate this vulnerability.

US-CERT will continue to investigate this issue and provide more information as it becomes available.

http://www.us-cert.gov/current/current_activity.html#goggle_s_gmail_csrf_vulnerability
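Added example, not code from US-CERT or Google: the mechanism behind a cross-site request forgery is that the browser attaches the victim's session cookie to any request, including one an attacker's page triggers, so a handler that authenticates by cookie alone cannot tell a forged request from a genuine one. The Python below models a "create mail filter" handler in both forms: the vulnerable one trusts the cookie, the fixed one additionally requires the request's Origin (or Referer) to match the site and a per-session token that an attacker's page cannot read. The session table, SITE_ORIGIN, the request dictionaries and the filter action are constructed stand-ins, not Gmail's implementation.

```python
"""CSRF on a state-changing handler: cookie-only check vs. origin + token.

Constructed example; SESSIONS, SITE_ORIGIN and the requests are made up."""
import hmac
from urllib.parse import urlparse

SITE_ORIGIN = "https://mail.example"                                # assumed
SESSIONS = {"sess123": {"user": "victim", "csrf": "tok-abc"}}       # constructed


def _session(req):
    return SESSIONS.get(req["cookies"].get("sid"))


def _same_origin(header_value):
    # Compare scheme and host exactly; a prefix test would accept
    # "https://mail.example.attacker.example".
    p = urlparse(header_value or "")
    return "%s://%s" % (p.scheme, p.netloc) == SITE_ORIGIN


def create_filter_vulnerable(req, filters):
    """Authenticates by session cookie only. Returns an HTTP status."""
    s = _session(req)
    if not s:
        return 401
    filters.setdefault(s["user"], []).append(req["form"]["forward_to"])
    return 200


def create_filter_fixed(req, filters):
    """Same action, but the request must come from our origin and carry
    the session's CSRF token, which a cross-site page cannot obtain."""
    s = _session(req)
    if not s:
        return 401
    origin = req["headers"].get("Origin") or req["headers"].get("Referer")
    if not _same_origin(origin):
        return 403
    if not hmac.compare_digest(req["form"].get("csrf_token", ""), s["csrf"]):
        return 403
    filters.setdefault(s["user"], []).append(req["form"]["forward_to"])
    return 200


# Constructed requests. The browser attaches the sid cookie to both; only
# the Origin header and the token distinguish them.
FORGED_REQUEST = {
    "cookies": {"sid": "sess123"},
    "headers": {"Origin": "https://attacker.example"},
    "form": {"forward_to": "attacker@attacker.example"},
}
LEGIT_REQUEST = {
    "cookies": {"sid": "sess123"},
    "headers": {"Origin": "https://mail.example"},
    "form": {"forward_to": "me@home.example", "csrf_token": "tok-abc"},
}

if __name__ == "__main__":
    f1, f2 = {}, {}
    print("vulnerable, forged:", create_filter_vulnerable(FORGED_REQUEST, f1), f1)
    print("fixed, forged:     ", create_filter_fixed(FORGED_REQUEST, f2), f2)
    print("fixed, legit:      ", create_filter_fixed(LEGIT_REQUEST, f2), f2)
```

Note the order of the two checks: the origin comparison rejects most forged requests cheaply, and the token check covers clients that send no Origin or Referer at all (the handler fails closed in that case rather than assuming a missing header is benign).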
