Spyware, Viruses, & Security forum

VULNERABILITIES - January 12, 2007

HP OpenView Network Node Manager Read Access and Code Execution

In reply to: VULNERABILITIES - January 12, 2007

Advisory ID : FrSIRT/ADV-2007-0153
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-12

Two vulnerabilities have been identified in HP OpenView Network Node Manager (OV NNM), which could be exploited by remote attackers to take complete control of an affected system.

The first issue is due to an input validation error when processing user-supplied requests, which could be exploited by remote unauthenticated attackers to execute arbitrary commands with the privileges of the NNM server.

The second issue is due to an unspecified access validation error, which could be exploited remotely by attackers to gain unauthorized read access to arbitrary files with the permissions of the NNM server.

Affected Products

HP OpenView Network Node Manager (OV NNM) version 6.20
HP OpenView Network Node Manager (OV NNM) version 6.4x
HP OpenView Network Node Manager (OV NNM) version 7.01
HP OpenView Network Node Manager (OV NNM) version 7.50

Solution

Apply patches :
http://support.openview.hp.com/patches/

References

http://www.frsirt.com/english/advisories/2007/0153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00809525
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00809410

Credits

Vulnerabilities reported by Tenable Network Security and the vendor

CA BrightStor ARCserve Backup Multiple Remote Command Execution

Advisory ID : FrSIRT/ADV-2007-0154
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-12

Multiple vulnerabilities have been identified in CA BrightStor ARCserve Backup, which could be exploited by remote attackers to take complete control of an affected system. These issues are due to buffer overflow errors in the Tape Engine, Message Engine, and Mediasrv services when processing specially crafted RPC requests sent to ports 6502/TCP, 6503/TCP, and 6504/TCP, which could be exploited by remote unauthenticated attackers to execute arbitrary commands with elevated privileges.

Affected Products

CA BrightStor ARCserve Backup r11.5
CA BrightStor ARCserve Backup r11.1
CA BrightStor ARCserve Backup for Windows r11
CA BrightStor Enterprise Backup r10.5
CA BrightStor ARCserve Backup 9.01
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

Solution

Apply patch for BrightStor ARCserve Backup r11.5 :
https://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO84983

Apply patch for BrightStor ARCserve Backup r11.1 :
https://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO84984

Apply patch for BrightStor ARCserve Backup for Windows r11 :
https://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QI82917

Apply patch for BrightStor Enterprise Backup r10.5 :
https://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO84986

Apply patch for BrightStor ARCserve Backup v9.01 :
https://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO84985

References

http://www.frsirt.com/english/advisories/2007/0154
http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp
http://www.zerodayinitiative.com/advisories/ZDI-07-002.html
http://www.zerodayinitiative.com/advisories/ZDI-07-003.html
http://www.zerodayinitiative.com/advisories/ZDI-07-004.html
http://www.iss.net/threats/252.html
http://www.iss.net/threats/253.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=467

Credits

Vulnerabilities reported by LSsecurity, Tenable Network Security, Paul Mehta (IBM Internet Security Systems X-Force), ZDI, and iDefense Labs.

Snort Generic Routing Encapsulation "DecodeGRE()" Integer Underflow

Advisory ID : FrSIRT/ADV-2007-0152
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-12

A vulnerability has been identified in Snort, which could be exploited by remote attackers to cause a denial of service. This issue is due to an integer underflow error in the "DecodeGRE()" [decode.c] function when processing specially crafted Generic Routing Encapsulation (GRE) packets, which could be exploited by remote attackers to cause an application compiled with "--enable-gre" and run with the "-d" flag to crash or leak arbitrary portions of memory.

Note : Another issue has been identified in the processing of certain network packets. It could be exploited by attackers to cause a vulnerable application to perform large backtracking operations and exhaust all available memory resources, creating a denial of service condition.

Affected Products

Snort versions 2.6.x

Solution

Fixes are available via CVS :
http://cvs.snort.org/viewcvs.cgi/snort/

References

http://www.frsirt.com/english/advisories/2007/0152
http://labs.calyptix.com/advisories/CX-2007-01.txt
http://www.cs.wisc.edu/~smithr/pubs/acsac2006.pdf

Credits

Vulnerabilities reported by Chris Rohlf (Calyptix Security), Randy Smith, Christian Estan, and Somesh Jha (University of Wisconsin-Madison)
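Added example (not from the advisory and not Snort's source): a minimal GRE length computation in C that shows the unsigned underflow class described above, next to a checked version. The header layout is a simplified RFC 2890 form (C/K/S flag bits in the first byte, 4 optional bytes per set flag); the function names, constants and sample packets are constructed for this example.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified GRE header (RFC 2890 layout, assumed here for illustration):
   byte 0 carries the C (checksum), K (key) and S (sequence) flag bits, bytes 2-3
   the protocol type, then 4 optional bytes for each flag that is set. */
#define GRE_BASE_LEN    4u
#define GRE_FLAG_CKSUM  0x80u
#define GRE_FLAG_KEY    0x20u
#define GRE_FLAG_SEQ    0x10u

/* Header length implied by the flag byte; the caller must make sure it fits. */
static uint32_t gre_header_len(const uint8_t *pkt) {
    uint32_t len = GRE_BASE_LEN;
    if (pkt[0] & GRE_FLAG_CKSUM) len += 4;   /* checksum + reserved1 */
    if (pkt[0] & GRE_FLAG_KEY)   len += 4;
    if (pkt[0] & GRE_FLAG_SEQ)   len += 4;
    return len;
}

/* Vulnerable shape: only the fixed part is bounds-checked, then the full header
   length is subtracted from an unsigned remaining length. A 4-byte packet whose
   flags promise 12 more bytes yields 4 - 16, which wraps to 0xFFFFFFF4. A decoder
   that then dumps or inspects that many "payload" bytes (what a -d style payload
   dump does) reads far past the packet: a crash or a leak of adjacent memory. */
uint32_t gre_payload_len_unchecked(const uint8_t *pkt, uint32_t pkt_len) {
    if (pkt_len < GRE_BASE_LEN) return 0;
    return pkt_len - gre_header_len(pkt);
}

/* Hardened shape: reject the packet when the optional fields do not fit. */
int64_t gre_payload_len_checked(const uint8_t *pkt, uint32_t pkt_len) {
    if (pkt_len < GRE_BASE_LEN) return -1;
    uint32_t hdr = gre_header_len(pkt);
    if (hdr > pkt_len) return -1;             /* truncated header: drop, never underflow */
    return (int64_t)(pkt_len - hdr);
}

/* Constructed samples, not captured traffic. crafted_gre sets C, K and S but is
   only 4 bytes long; benign_gre has no options and 8 bytes of payload. */
static const uint8_t crafted_gre[4] = { 0xB0, 0x00, 0x08, 0x00 };
static const uint8_t benign_gre[12] = { 0x00, 0x00, 0x08, 0x00,
                                        0x45, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00 };

int main(void) {
    printf("crafted: unchecked=%" PRIu32 " checked=%" PRId64 "\n",
           gre_payload_len_unchecked(crafted_gre, (uint32_t)sizeof crafted_gre),
           gre_payload_len_checked(crafted_gre, (uint32_t)sizeof crafted_gre));
    printf("benign:  unchecked=%" PRIu32 " checked=%" PRId64 "\n",
           gre_payload_len_unchecked(benign_gre, (uint32_t)sizeof benign_gre),
           gre_payload_len_checked(benign_gre, (uint32_t)sizeof benign_gre));
    return 0;
}
```

The checked variant returns a signed type so that "truncated" is distinguishable from "zero payload"; with unsigned arithmetic there is no value left over to signal an error, which is exactly why the unchecked subtraction wraps silently.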

Novell BorderManager Client Firewall Application Window Privilege Escalation

Advisory ID : FrSIRT/ADV-2007-0144
CVE ID : CVE-2006-3697
Rated as : Moderate Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-01-11

A vulnerability has been identified in Novell BorderManager Client Firewall, which could be exploited by local attackers to obtain elevated privileges. This issue was initially discovered in Outpost Firewall, which Novell Client Firewall is based on. For additional information, see : FrSIRT/ADV-2006-2852

Affected Products

Novell BorderManager Client Firewall version 2.0 Build 0727 and prior
Novell BorderManager version 3.7
Novell BorderManager version 3.8

Solution

The vendor recommends disabling the "Drag and drop or copy and paste files" option in Windows :
http://support.microsoft.com/kb/888534

The FrSIRT is not aware of any officially supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/0144
https://secure-support.novell.com/KanisaPlatform/Publishing/903/3762108_f.SAL_Public.html

Ubuntu Security Update Fixes Fetchmail Password Disclosure and Denial of Service

Advisory ID : FrSIRT/ADV-2007-0151
CVE ID : CVE-2006-5867
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-12

Ubuntu has released security updates to address multiple vulnerabilities identified in Fetchmail. These issues could be exploited by attackers to cause a denial of service or disclose sensitive information. For additional information, see : FrSIRT/ADV-2007-0087

Affected Products

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

Solution

Ubuntu 5.10 - Upgrade to fetchmail 6.2.5-13ubuntu3.3
Ubuntu 6.06 LTS - Upgrade to fetchmail 6.3.2-2ubuntu2.1
Ubuntu 6.10 - Upgrade to fetchmail 6.3.4-1ubuntu4.1

References

http://www.frsirt.com/english/advisories/2007/0151
http://www.ubuntu.com/usn/usn-405-1

Mandriva Security Update Fixes Mozilla Firefox Multiple Code Execution Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0150
CVE ID : CVE-2006-6497 - CVE-2006-6498 - CVE-2006-6501 - CVE-2006-6502 - CVE-2006-6503 - CVE-2006-6504
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-12

Mandriva has released security updates to address multiple vulnerabilities identified in Mozilla Firefox. These issues could be exploited by remote attackers to execute arbitrary commands or bypass security restrictions. For additional information, see : FrSIRT/ADV-2006-5068

Affected Products

Mandriva Linux 2007.0
Mandriva Corporate 3.0
Mandriva Corporate 4.0

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/0150
http://archives.mandrivalinux.com/security-announce/2007-01/msg00015.php

Mandriva Security Update Fixes Mozilla Thunderbird Multiple Code Execution Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0149
CVE ID : CVE-2006-6497 - CVE-2006-6498 - CVE-2006-6501 - CVE-2006-6502 - CVE-2006-6503 - CVE-2006-6504 - CVE-2006-6505
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-12

Mandriva has released security updates to address multiple vulnerabilities identified in Mozilla Thunderbird. These issues could be exploited by remote attackers to execute arbitrary commands or bypass security restrictions. For additional information, see : FrSIRT/ADV-2006-5068

Affected Products

Mandriva Linux 2007.0
Mandriva Corporate 3.0

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/0149
http://archives.mandrivalinux.com/security-announce/2007-01/msg00017.php

FreeBSD Security Update Fixes Jail "rc.d" Script Local Privilege Escalation Vulnerability

Advisory ID : FrSIRT/ADV-2007-0148
CVE ID : CVE-2007-0166
Rated as : Moderate Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-01-12

FreeBSD has released security updates to address a vulnerability identified in Jail. This issue is due to an error in the jail "rc.d" script that does not check if a path inside the jail file system structure is a symbolic link when writing the output from the jail start-up to "/var/log/console.log" and when mounting and unmounting file systems inside the jail directory structure, which could be exploited by malicious users to conduct symlink attacks and execute arbitrary commands with non-jailed superuser privileges.

Affected Products

FreeBSD 6.x
FreeBSD 5.x

Solution

Apply patch for FreeBSD 5.5 :
# fetch http://security.FreeBSD.org/patches/SA-07:01/jail5.patch
# fetch http://security.FreeBSD.org/patches/SA-07:01/jail5.patch.asc

Apply patch for FreeBSD 6.0 :
# fetch http://security.FreeBSD.org/patches/SA-07:01/jail60.patch
# fetch http://security.FreeBSD.org/patches/SA-07:01/jail60.patch.asc

Apply patch for FreeBSD 6.1 :
# fetch http://security.FreeBSD.org/patches/SA-07:01/jail61.patch
# fetch http://security.FreeBSD.org/patches/SA-07:01/jail61.patch.asc

References

http://www.frsirt.com/english/advisories/2007/0148
http://security.freebsd.org/advisories/FreeBSD-SA-07:01.jail.asc

Credits

Vulnerability reported by Dirk Engling
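Added example (illustrative C, not the FreeBSD rc.d script or its fix): the unsafe pattern of a host root process opening a path under a jail root by string, next to an openat()/O_NOFOLLOW walk that refuses to follow a symlink at any component. The demo builds a throwaway jail tree under /tmp (falling back to the working directory) in which the "jailed root" has planted a symlink at var/log/console.log; the file names, function names and stand-in victim file are constructed for this example, and it runs as an unprivileged user.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe shape: the host (the real root) writes to "<jail_root>/var/log/console.log"
   by building the path as a string and letting open() resolve it. Every component
   below jail_root belongs to the jailed root, so a symlink planted there is followed
   with host privileges and the write lands wherever the jailed user pointed it. */
int open_log_unsafe(const char *jail_root, const char *rel) {
    char path[PATH_MAX];
    snprintf(path, sizeof path, "%s/%s", jail_root, rel);
    return open(path, O_WRONLY | O_APPEND | O_CREAT, 0600);
}

/* Hardened shape: descend from jail_root one component at a time with openat() and
   O_NOFOLLOW, so a symlink at any level fails instead of being followed (ELOOP on
   Linux, EMLINK on FreeBSD), and ".." is refused so the walk cannot climb back out.
   The same walk belongs in front of mount/umount of paths inside the jail tree. */
int open_log_nofollow(const char *jail_root, const char *rel) {
    char buf[PATH_MAX];
    if (strlen(rel) >= sizeof buf) { errno = ENAMETOOLONG; return -1; }
    strcpy(buf, rel);

    int dirfd = open(jail_root, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dirfd < 0) return -1;

    char *save = NULL;
    char *comp = strtok_r(buf, "/", &save);
    if (comp == NULL) { close(dirfd); errno = EINVAL; return -1; }

    while (comp != NULL) {
        char *next = strtok_r(NULL, "/", &save);
        if (strcmp(comp, "..") == 0) { close(dirfd); errno = EACCES; return -1; }
        int fd = (next != NULL)
            ? openat(dirfd, comp, O_RDONLY | O_DIRECTORY | O_NOFOLLOW)
            : openat(dirfd, comp, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
        int saved = errno;
        close(dirfd);
        if (fd < 0) { errno = saved; return -1; }
        dirfd = fd;
        comp = next;
    }
    return dirfd;   /* descriptor for the final regular file */
}

/* Constructed scenario: a throwaway jail root whose var/log/console.log is a symlink
   to a file outside the jail (standing in for a host file such as /etc/master.passwd).
   Returns 0 when the unsafe open follows the link, the hardened open refuses it, and
   the hardened open still works once console.log is an ordinary file. */
int jail_symlink_demo(void) {
    char root[64] = "/tmp/jaildemo.XXXXXX";
    if (mkdtemp(root) == NULL) {
        strcpy(root, "./jaildemo.XXXXXX");           /* fall back to the working dir */
        if (mkdtemp(root) == NULL) return -1;
    }
    char victim[PATH_MAX], var[PATH_MAX], logd[PATH_MAX], link[PATH_MAX];
    snprintf(victim, sizeof victim, "%s.victim", root);
    snprintf(var, sizeof var, "%s/var", root);
    snprintf(logd, sizeof logd, "%s/var/log", root);
    snprintf(link, sizeof link, "%s/var/log/console.log", root);

    int rc = -1, vfd = -1, unsafe = -1, safe = -1, safe2 = -1, safe_err = 0;
    vfd = open(victim, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (vfd < 0) goto out;
    if (mkdir(var, 0755) != 0 || mkdir(logd, 0755) != 0 || symlink(victim, link) != 0) goto out;

    unsafe = open_log_unsafe(root, "var/log/console.log");   /* succeeds: now writing to victim */
    safe   = open_log_nofollow(root, "var/log/console.log"); /* must fail on the symlink */
    safe_err = errno;
    if (unsafe < 0 || safe >= 0 || (safe_err != ELOOP && safe_err != EMLINK)) goto out;

    /* Replace the planted link with a real file: the hardened path must still work. */
    if (unlink(link) != 0) goto out;
    safe2 = open_log_nofollow(root, "var/log/console.log");
    if (safe2 >= 0 && write(safe2, "jail started\n", 13) == 13) rc = 0;

out:
    if (vfd >= 0) close(vfd);
    if (unsafe >= 0) close(unsafe);
    if (safe >= 0) close(safe);
    if (safe2 >= 0) close(safe2);
    unlink(link); rmdir(logd); rmdir(var); unlink(victim); rmdir(root);
    return rc;
}

int main(void) {
    int rc = jail_symlink_demo();
    printf("unsafe open follows the jail symlink, hardened open refuses: %s\n",
           rc == 0 ? "yes" : "no");
    return rc == 0 ? 0 : 1;
}
```

A single lstat() before the open is not enough here, because the jailed root can swap a directory for a symlink between the check and the use; holding a descriptor for each directory as you descend removes that window.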

TITLE:
Ubuntu update for openoffice.org

SECUNIA ADVISORY ID:
SA23711

VERIFY ADVISORY:
http://secunia.com/advisories/23711/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Ubuntu Linux 6.06
http://secunia.com/product/10611/
Ubuntu Linux 5.10
http://secunia.com/product/6606/

DESCRIPTION:
Ubuntu has issued an update for openoffice.org. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

For more information:
SA23612

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-January/000465.html

OTHER REFERENCES:
SA23612:
http://secunia.com/advisories/23612/

TITLE:
Ubuntu update for fetchmail

SECUNIA ADVISORY ID:
SA23714

VERIFY ADVISORY:
http://secunia.com/advisories/23714/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information

WHERE:
From local network

OPERATING SYSTEM:
Ubuntu Linux 6.10
http://secunia.com/product/12470/
Ubuntu Linux 6.06
http://secunia.com/product/10611/
Ubuntu Linux 5.10
http://secunia.com/product/6606/

DESCRIPTION:
Ubuntu has issued an update for fetchmail. This fixes a
vulnerability, which can be exploited by malicious people to gain
knowledge of potentially sensitive information.

For more information:
SA23631

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.ubuntu.com/usn/usn-405-1

OTHER REFERENCES:
SA23631:
http://secunia.com/advisories/23631/

TITLE:
SUSE update for mozilla

SECUNIA ADVISORY ID:
SA23672

VERIFY ADVISORY:
http://secunia.com/advisories/23672/

CRITICAL:
Highly critical

IMPACT:
Cross Site Scripting, DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
SUSE Linux 10.1
http://secunia.com/product/10796/
SUSE Linux 10
http://secunia.com/product/6221/
SUSE Linux 9.3
http://secunia.com/product/4933/
SUSE Linux Enterprise Server 9
http://secunia.com/product/4118/

SOFTWARE:
Novell Open Enterprise Server
http://secunia.com/product/4664/

DESCRIPTION:
SUSE has issued an update for mozilla. This fixes some
vulnerabilities, which can be exploited by malicious people to
conduct cross-site scripting attacks and potentially compromise a
user's system.

For more information:
SA23422

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0006.html

OTHER REFERENCES:
SA23422:
http://secunia.com/advisories/23422/

TITLE:
Apple Mac OS X UFS "byte_swap_sbin()" Denial of Service

SECUNIA ADVISORY ID:
SA23725

VERIFY ADVISORY:
http://secunia.com/advisories/23725/

CRITICAL:
Not critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/

DESCRIPTION:
LMH has reported a vulnerability in Apple Mac OS X, which can be
exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an integer overflow error in the
"byte_swap_sbin()" function in bsd/ufs/ufs/ufs_byte_order.c and can
be exploited to cause a system panic.

NOTE: This is only remotely exploitable via the Safari web browser
when the "opening safe files after downloading" option is enabled.

The vulnerability is reported on Mac OS X 10.4.8 running on a x86
platform. Other versions may also be affected.

SOLUTION:
Disable the "opening safe files after downloading" option. Grant only
trusted users access to the system.

PROVIDED AND/OR DISCOVERED BY:
LMH

ORIGINAL ADVISORY:
http://projects.info-pull.com/moab/MOAB-11-01-2007.html

TITLE:
xine-ui "errors_create_window()" Format String Vulnerability

SECUNIA ADVISORY ID:
SA23709

VERIFY ADVISORY:
http://secunia.com/advisories/23709/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From remote

SOFTWARE:
xine-ui 0.x
http://secunia.com/product/3241/

DESCRIPTION:
A vulnerability has been reported in xine-ui, which potentially can
be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a format string error within the
"errors_create_window()" function in errors.c. This may be exploited
to execute arbitrary code by e.g. tricking a user into opening a
specially crafted playlist file.

The vulnerability is reported in version 0.99.4. Other versions may
also be affected.

SOLUTION:
Fixed in the CVS repository.

PROVIDED AND/OR DISCOVERED BY:
Reported by Sven Czaja after testing an exploit for VLC by Kevin
Finisterre with xine-ui.
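Added example (not xine-ui's code): the format-string class named above, shown as a variadic dialog-text helper that is once handed untrusted text as its format and once handed it as a "%s" argument. The sample playlist entry is constructed and deliberately uses only "%%", the one directive that consumes no argument, so the program is well-defined and still shows the text being interpreted rather than copied.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* A GUI error helper of the kind a media player uses to fill an error window.
   Names are this example's own; the message may have come straight out of a
   playlist file, e.g. the name of an entry that could not be opened. */
static void dialog_text(char *out, size_t n, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);
    va_end(ap);
}

static char unsafe_buf[256];
static char safe_buf[256];

/* Vulnerable pattern: the untrusted message *is* the format string. A "%x" would
   pull stack words into the window (information leak) and "%n" would write to
   memory, which is what turns this from a crash into code execution. */
const char *render_error_unsafe(const char *msg) {
    dialog_text(unsafe_buf, sizeof unsafe_buf, msg);
    return unsafe_buf;
}

/* Hardened pattern: a fixed format, the message is only ever a %s argument. */
const char *render_error_safe(const char *msg) {
    dialog_text(safe_buf, sizeof safe_buf, "%s", msg);
    return safe_buf;
}

/* Constructed playlist entry (not real exploit data): "%%" consumes no argument,
   so running it is well-defined, yet the unsafe path still collapses it to "%". */
static const char crafted_entry[] = "track 50%% off.mp3";

int main(void) {
    printf("unsafe: %s\n", render_error_unsafe(crafted_entry));  /* track 50% off.mp3 */
    printf("safe:   %s\n", render_error_safe(crafted_entry));    /* track 50%% off.mp3 */
    return 0;
}
```

The difference in output is the whole bug: any byte sequence the attacker controls is being parsed for directives. Compilers flag the direct form (`printf(msg)`) with -Wformat-security, but not when the format passes through a wrapper like dialog_text(), so grep for user data reaching a `fmt` parameter rather than relying on the warning.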

TITLE:
SUSE update for cacti

SECUNIA ADVISORY ID:
SA23665

VERIFY ADVISORY:
http://secunia.com/advisories/23665/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Manipulation of data, System access

WHERE:
From remote

OPERATING SYSTEM:
SUSE Linux 9.3
http://secunia.com/product/4933/
SUSE Linux 10.1
http://secunia.com/product/10796/
SUSE Linux 10
http://secunia.com/product/6221/

DESCRIPTION:
SUSE has issued an update for cacti. This fixes some vulnerabilities,
which can be exploited by malicious people to bypass certain security
restrictions, manipulate data and compromise vulnerable systems.

For more information:
SA23528

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0007.html

OTHER REFERENCES:
SA23528:
http://secunia.com/advisories/23528

Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability

"The vulnerability was found in wsbho2k0.dll. Function Open ( String ) when given a long argument leads to memory corruption conditions. However, as the issue involves the control that is not marked safe for scripting nor for initialization, it cannot be exploited remotely. Moreover, as for now I have not proved it is exploitable."

http://www.securityfocus.com/archive/1/456755

This is a Different & New Win Meta File Exploit NOT 1/2/06?

The MS patch does not prevent this one also? Thanks for confirmation.

Looks different to me.

The PoC was published on the 10th of January only. MS released this month's patches (9th Jan).

No advisory or report from MS yet on their analysis of the said vulnerability (with an exploit available now), or whether it's the same issue or not.
