Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - January 15, 2007.

Mac OS X HFS+ "do_hfs_truncate()" Denial of Service
http://secunia.com/advisories/23742/

OS: Apple Macintosh OS X

Description:
LMH has reported a vulnerability in Mac OS X, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the "do_hfs_truncate()" function when handling HFS+ file systems. This can be exploited via a DMG image containing a specially crafted HFS+ file system to cause a kernel panic.

NOTE: This is only remotely exploitable via the Safari web browser when the "opening safe files after downloading" option is enabled.

The vulnerability is reported in version 10.4.8 (x86). Other versions may also be affected.

Solution: Disable the "opening safe files after downloading" option. Grant only trusted users access to the system and do not mount untrusted DMG images.

Provided and/or discovered by: LMH

Original Advisory:
http://projects.info-pull.com/moab/MOAB-13-01-2007.html


TITLE:
SUSE update for XFree86 and Xorg

SECUNIA ADVISORY ID:
SA23758

VERIFY ADVISORY:
http://secunia.com/advisories/23758/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
SUSE Linux 10.1
http://secunia.com/product/10796/
SUSE Linux 10
http://secunia.com/product/6221/
SUSE Linux 9.3
http://secunia.com/product/4933/
SuSE Linux Enterprise Server 8
http://secunia.com/product/1171/
SuSE Linux Openexchange Server 4.x
http://secunia.com/product/2001/
SuSE Linux Standard Server 8
http://secunia.com/product/2526/
SUSE Linux Enterprise Server 10
http://secunia.com/product/12192/
SUSE Linux Enterprise Server 9
http://secunia.com/product/4118/
UnitedLinux 1.0
http://secunia.com/product/2003/

SOFTWARE:
Novell Open Enterprise Server
http://secunia.com/product/4664/

DESCRIPTION:
SUSE has issued an update for XFree86 and Xorg. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges.

For more information:
SA23670

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.novell.com/linux/security/advisories/2007_08_x.html

OTHER REFERENCES:
SA23670:
http://secunia.com/advisories/23670/


TITLE:
Gentoo update for w3m

SECUNIA ADVISORY ID:
SA23773

VERIFY ADVISORY:
http://secunia.com/advisories/23773/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Gentoo Linux 1.x
http://secunia.com/product/339/

DESCRIPTION:
Gentoo has issued an update for w3m. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

For more information:
SA23492

SOLUTION:
Update to "www-client/w3m-0.5.1-r4" or later.

ORIGINAL ADVISORY:
http://www.gentoo.org/security/en/glsa/glsa-200701-06.xml

OTHER REFERENCES:
SA23492:
http://secunia.com/advisories/23492/


TITLE:
WebGUI Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA23718

VERIFY ADVISORY:
http://secunia.com/advisories/23718/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

SOFTWARE:
WebGUI 7.x
http://secunia.com/product/13252/

DESCRIPTION:
A vulnerability has been reported in WebGUI, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Some unspecified input related to Wiki Page titles is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of an affected site.

SOLUTION:
The vulnerability is fixed in 7.3.4 (beta).

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

OTHER REFERENCES:
http://sourceforge.net/project/shownotes.php?release_id=477485


TITLE:
Gentoo update for openoffice

SECUNIA ADVISORY ID:
SA23762

VERIFY ADVISORY:
http://secunia.com/advisories/23762/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Gentoo Linux 1.x
http://secunia.com/product/339/

DESCRIPTION:
Gentoo has issued an update for openoffice. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

For more information:
SA23612

SOLUTION:
All openoffice users should update to:
"app-office/openoffice-2.0.4" or later.

All openoffice binary users should update to:
"app-office/openoffice-bin-2.1.0" or later.

ORIGINAL ADVISORY:
http://www.gentoo.org/security/en/glsa/glsa-200701-07.xml

OTHER REFERENCES:
SA23612:
http://secunia.com/advisories/23612/


TITLE:
IBM OS/400 Connection Reset Denial of Service Vulnerability

SECUNIA ADVISORY ID:
SA23765

VERIFY ADVISORY:
http://secunia.com/advisories/23765/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:
OS/400 5.x
http://secunia.com/product/212/
OS/400 4.x
http://secunia.com/product/998/

DESCRIPTION:
IBM has acknowledged a vulnerability in OS/400, which can be
exploited by malicious people to reset established TCP connections on
a vulnerable system.

For more information:
SA11440

SOLUTION:
PTFs are reportedly available.

ORIGINAL ADVISORY:
http://www-1.ibm.com/support/docview.wss?uid=nas2c8623b2ed01d45d08625718e0043edc2
http://www-1.ibm.com/support/docview.wss?uid=nas204b3e62c8a63af708625718e0043eddc

OTHER REFERENCES:
SA11440:
http://secunia.com/advisories/11440


TITLE:
All In One Control Panel (AIOCP) Unspecified Cross-Site Scripting

SECUNIA ADVISORY ID:
SA23732

VERIFY ADVISORY:
http://secunia.com/advisories/23732/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

SOFTWARE:
All In One Control Panel 1.x
http://secunia.com/product/12505/

DESCRIPTION:
A vulnerability has been reported in All In One Control Panel
(AIOCP), which can be exploited by malicious people to conduct
cross-site scripting attacks.

Input passed to unspecified parameters is not properly sanitised
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site.

The vulnerability is reported in versions prior to 1.3.010.

SOLUTION:
Update to version 1.3.10 or later.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://sourceforge.net/project/shownotes.php?release_id=478370


TITLE:
All In One Control Panel (AIOCP) SQL Injection Vulnerabilities

SECUNIA ADVISORY ID:
SA23740

VERIFY ADVISORY:
http://secunia.com/advisories/23740/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data

WHERE:
From remote

SOFTWARE:
All In One Control Panel 1.x
http://secunia.com/product/12505/

DESCRIPTION:
Coloss has discovered some vulnerabilities in All In One Control
Panel (AIOCP), which can be exploited by malicious people to conduct
SQL injection attacks.

1) Input passed to the "xuser_name" parameter when logging in is not
properly sanitised before being used in a SQL query within
shared/code/cp_authorization.php. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.

Successful exploitation allows access to the administration section
but requires that "magic_quotes_gpc" is disabled.

2) Input passed to the "did" parameter in
public/code/cp_downloads.php is not properly sanitised before being
used in a SQL query within shared/code/cp_functions_downloads.php.
This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.

Successful exploitation requires that "magic_quotes_gpc" is
disabled.

The vulnerabilities are reported in version 1.3.009 and confirmed in
version 1.3.010. Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Coloss


TITLE:
Gentoo update for kdegraphics-kfile-plugins

SECUNIA ADVISORY ID:
SA23728

VERIFY ADVISORY:
http://secunia.com/advisories/23728/

CRITICAL:
Not critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:
Gentoo Linux 1.x
http://secunia.com/product/339/

DESCRIPTION:
Gentoo has issued an update for kdegraphics-kfile-plugins. This fixes
a weakness, which can be exploited by malicious people to cause a DoS
(Denial of Service).

For more information:
SA23203

SOLUTION:
Update to "kde-base/kdegraphics-kfile-plugins-3.5.5-r1" or later.

ORIGINAL ADVISORY:
http://www.gentoo.org/security/en/glsa/glsa-200701-05.xml

OTHER REFERENCES:
SA23203:
http://secunia.com/advisories/23203/


TITLE:
Debian update for libsoup

SECUNIA ADVISORY ID:
SA23770

VERIFY ADVISORY:
http://secunia.com/advisories/23770/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:
Debian GNU/Linux 3.1
http://secunia.com/product/5307/
Debian GNU/Linux unstable alias sid
http://secunia.com/product/530/

DESCRIPTION:
Debian has issued an update for libsoup. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

For more information:
SA23734

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.debian.org/security/2007/dsa-1248

OTHER REFERENCES:
SA23734:
http://secunia.com/advisories/21615/


TITLE:
Gentoo update for opera

SECUNIA ADVISORY ID:
SA23771

VERIFY ADVISORY:
http://secunia.com/advisories/23771/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Gentoo Linux 1.x
http://secunia.com/product/339/

DESCRIPTION:
Gentoo has issued an update for opera. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

For more information:
SA23613

SOLUTION:
Update to ">=www-client/opera-9.10" or later.

ORIGINAL ADVISORY:
http://www.gentoo.org/security/en/glsa/glsa-200701-08.xml

OTHER REFERENCES:
SA23613:
http://secunia.com/advisories/23613/


Libsoup "soup_headers_parse()" Headers Handling Denial of Service Vulnerability

Advisory ID : FrSIRT/ADV-2007-0173
CVE ID : CVE-2006-5876
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-15
Technical Description

A vulnerability has been identified in Libsoup, which could be exploited by remote attackers to cause a denial of service. This issue is due to an error in the "soup_headers_parse()" [soup-headers.c] function when processing malformed requests, which could be exploited by attackers to crash applications linked against a vulnerable library, creating a denial of service condition.

Affected Products

Libsoup version 2.2.98 and prior

Solution

Upgrade to Libsoup version 2.2.99 :
http://ftp.gnome.org/pub/gnome/sources/libsoup/

References

http://www.frsirt.com/english/advisories/2007/0173
http://ftp.gnome.org/pub/gnome/sources/libsoup/2.2/libsoup-2.2.99.news
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405197

Credits

Vulnerability reported by Roland Lezuo


Neon "ne_uri_parse()" Non-ASCII Characters Handling Denial of Service Vulnerability

Advisory ID : FrSIRT/ADV-2007-0172
CVE ID : CVE-2007-0157
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-15
Technical Description

A vulnerability has been identified in Neon (libneon), which could be exploited by attackers to cause a denial of service. This issue is due to an array index error in the "ne_uri_parse()" function ("uri_lookup" macro) when processing URIs with non-ASCII characters on a 64-bit platform, which could be exploited by attackers to crash applications linked against a vulnerable library, creating a denial of service condition.

Affected Products

Neon (libneon) versions 0.26.0 through 0.26.2

Solution

Apply patch :
http://mailman.webdav.org/pipermail/neon/attachments/20070107/30e92608/neon-uri_lookup-fix.bin

References

http://www.frsirt.com/english/advisories/2007/0172
http://mailman.webdav.org/pipermail/neon/2007-January/002362.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404723

Credits

Vulnerability reported by Modestas Vainius
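The array-index hazard the advisory above attributes to the "uri_lookup" macro in ne_uri_parse(), shown as an added C illustration that is not neon's code: the table contents, function names and sample URI are constructed for this example. It keeps the lookup in hardened form (index forced to 0..255) beside a function that only reports the index an unchecked `char` index would compute on a platform where plain char is signed.

```c
/* Added illustration of the signed-char array-index bug class; constructed
   names and table, not neon's source. */
#include <stdio.h>
#include <string.h>

/* 1 = byte may appear raw in a URI (simplified unreserved + sub-delims set),
   0 = byte must be percent-encoded. Only ASCII slots are ever set, so every
   byte >= 0x80 stays 0 and non-ASCII input is reported, never dereferenced
   out of bounds. */
static unsigned char uri_chars[256];

static void init_uri_table(void)
{
    const char *allowed =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
        "-._~:/?#[]@!$&'()*+,;=%";
    memset(uri_chars, 0, sizeof uri_chars);
    for (const char *p = allowed; *p; p++)
        uri_chars[(unsigned char)*p] = 1;
}

/* The index a lookup written as uri_chars[ch] would use where plain char is
   signed: a byte >= 0x80 becomes negative, i.e. a read before the table.
   The value is returned for inspection, never used as an index here. */
int naive_index(char ch)
{
    return (int)(signed char)ch;
}

/* Hardened lookup: the cast keeps the index within 0..255 for every byte. */
#define uri_lookup(ch) (uri_chars[(unsigned char)(ch)])

/* Returns the offset of the first byte that may not appear raw in a URI,
   or -1 if every byte is acceptable. Safe for arbitrary input bytes. */
int uri_first_bad_byte(const char *uri)
{
    init_uri_table();
    for (size_t i = 0; uri[i] != '\0'; i++)
        if (!uri_lookup(uri[i]))
            return (int)i;
    return -1;
}

int main(void)
{
    /* Constructed sample: "é" in UTF-8 is the byte pair 0xC3 0xA9. */
    const char *sample = "http://example.test/caf\xC3\xA9";
    printf("index an unchecked char lookup would use for 0xC3: %d\n",
           naive_index(sample[23]));
    printf("first byte that must be escaped is at offset %d\n",
           uri_first_bad_byte(sample));
    return 0;
}
```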


POP3/SMTP to OWA "ParseHeader()" Function Remote Buffer Overflow Vulnerability

Advisory ID : FrSIRT/ADV-2007-0160
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-12
Technical Description

A vulnerability has been identified in POP3/SMTP to OWA, which could be exploited by attackers to cause a denial of service or take complete control of an affected system. This issue is due to a buffer overflow error in the "ParseHeader()" [clsOWA.cls] function when processing a message with an overly long header, which could be exploited by attackers to crash a vulnerable application or execute arbitrary commands via a malicious email.

Affected Products

POP3/SMTP to OWA version 1.1.3

Solution

Upgrade to POP3/SMTP to OWA version 1.1.4 :
http://sourceforge.net/projects/pop2owa/

References

http://www.frsirt.com/english/advisories/2007/0160
http://sourceforge.net/tracker/index.php?func=detail&aid=1621688&group_id=152204&atid=783596
http://sourceforge.net/project/shownotes.php?release_id=473941&group_id=152204

Credits

Vulnerability reported by the vendor


TITLE:
Fedora Core 5 update for mono

SECUNIA ADVISORY ID:
SA23776

VERIFY ADVISORY:
http://secunia.com/advisories/23776/

CRITICAL:
Moderately critical

IMPACT:
Exposure of sensitive information, Privilege escalation

WHERE:
From remote

OPERATING SYSTEM:
Fedora Core 5
http://secunia.com/product/8808/

DESCRIPTION:
Fedora has issued an update for mono. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
perform certain actions with escalated privileges, and by malicious
people to disclose potentially sensitive information.

For more information:
SA22237
SA23432

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://fedoranews.org/cms/node/2401

OTHER REFERENCES:
SA22237:
http://secunia.com/advisories/22237/

SA23432:
http://secunia.com/advisories/23432/


TITLE:
Ubuntu update for libgtop2

SECUNIA ADVISORY ID:
SA23777

VERIFY ADVISORY:
http://secunia.com/advisories/23777/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
Ubuntu Linux 6.10
http://secunia.com/product/12470/
Ubuntu Linux 6.06
http://secunia.com/product/10611/
Ubuntu Linux 5.10
http://secunia.com/product/6606/

DESCRIPTION:
Ubuntu has issued an update for libgtop2. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.

For more information:
SA23736

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.ubuntu.com/usn/usn-407-1

OTHER REFERENCES:
SA23736:
http://secunia.com/advisories/23736/


Apple Mac OS X AppleTalk "_ATPsndrsp()" Function Local Denial of Service Vulnerability

Advisory ID : FrSIRT/ADV-2007-0191
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-01-15
Technical Description

A vulnerability has been identified in Apple Mac OS X, which could be exploited by local attackers to cause a denial of service. This issue is due to an error in the AppleTalk "_ATPsndrsp()" function, which could be exploited by malicious users to crash a vulnerable system, creating a denial of service condition.

Affected Products

Apple Mac OS X version 10.4.8 and prior

Solution

Disable AppleTalk by typing "appletalk -d" at the command line.

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/0191
http://projects.info-pull.com/moab/MOAB-14-01-2007.html

Credits

Vulnerabilities reported by LMH


Mandriva Security Update Fixes Libneon URI Handling Denial of Service Vulnerability

Advisory ID : FrSIRT/ADV-2007-0184
CVE ID : CVE-2007-0157
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-15
Technical Description

Mandriva has released updated packages to address a vulnerability identified in Libneon. This issue could be exploited by attackers to cause a denial of service. For additional information, see : FrSIRT/ADV-2007-0172

Affected Products

Mandriva Linux 2007.0

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/0184
http://archives.mandrivalinux.com/security-announce/2007-01/msg00019.php


SuSE Security Update Fixes Opera Browser Remote Code Execution Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0188
CVE ID : CVE-2007-0126 - CVE-2007-0127
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-15
Technical Description

SuSE has released security updates to address multiple vulnerabilities identified in Opera. These issues could be exploited by attackers to execute arbitrary commands. For additional information, see : FrSIRT/ADV-2007-0060

Affected Products

openSUSE 10.2
SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3

Solution

Upgrade the affected packages :
ftp://ftp.suse.com/pub/suse/update/

References

http://www.frsirt.com/english/advisories/2007/0188
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0009.html


SuSE Security Update Fixes Mozilla Browser Multiple Command Execution Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0161
CVE ID : CVE-2006-6497 - CVE-2006-6498 - CVE-2006-6499 - CVE-2006-6500 - CVE-2006-6501 - CVE-2006-6502 - CVE-2006-6503 - CVE-2006-6504 - CVE-2006-6505 - CVE-2006-6506 - CVE-2006-6507
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-15
Technical Description

SuSE has released security updates to address multiple vulnerabilities identified in Mozilla. These issues could be exploited by remote attackers to execute arbitrary commands or bypass security restrictions. For additional information, see : FrSIRT/ADV-2006-5068

Affected Products

Novell Linux Desktop 9
Novell Linux POS 9
Open Enterprise Server
SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3
SUSE SLES 9

Solution

Upgrade the affected packages :
ftp://ftp.suse.com/pub/suse/update/

References

http://www.frsirt.com/english/advisories/2007/0161
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0006.html


SuSE Security Update Fixes Cacti "cmd.php" Remote Code Injection Vulnerability

Advisory ID : FrSIRT/ADV-2007-0162
CVE ID : CVE-2006-6799
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-15
Technical Description

SuSE has released security updates to address a vulnerability identified in Cacti. This flaw could be exploited by attackers to execute arbitrary commands. For additional information, see : FrSIRT/ADV-2006-5193

Affected Products

openSUSE 10.2
SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3

Solution

Upgrade the affected packages :
ftp://ftp.suse.com/pub/suse/update/

References

http://www.frsirt.com/english/advisories/2007/0162
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0007.html


TITLE:
Mandriva update for kernel

SECUNIA ADVISORY ID:
SA23752

VERIFY ADVISORY:
http://secunia.com/advisories/23752/

CRITICAL:
Moderately critical

IMPACT:
Exposure of sensitive information, Privilege escalation, DoS

WHERE:
From remote

OPERATING SYSTEM:
Mandriva Linux 2006
http://secunia.com/product/9020/

DESCRIPTION:
Mandriva has issued an update for the kernel. This fixes some
vulnerabilities, which have unknown impact or can be exploited by
malicious, local users to gain knowledge of potentially sensitive
information, cause a DoS (Denial of Service), or gain escalated
privileges, and by malicious people to cause a DoS.

For more information:
SA16494
SA22253
SA22665
SA22702
SA23073
SA23361
SA23427
SA23529

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.mandriva.com/security/advisories?name=MDKSA-2007:012

OTHER REFERENCES:
SA16494:
http://secunia.com/advisories/16494/

SA22253:
http://secunia.com/advisories/22253/

SA22665:
http://secunia.com/advisories/22665/

SA22702:
http://secunia.com/advisories/22702/

SA23073:
http://secunia.com/advisories/23073/

SA23361:
http://secunia.com/advisories/23361/

SA23427:
http://secunia.com/advisories/23427/

SA23529:
http://secunia.com/advisories/23529/


FileZilla Options and QueueCtrl Modules Multiple Client-Side Buffer Overflow Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0183
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-15

Technical Description

Multiple vulnerabilities have been identified in FileZilla, which could be exploited by attackers to cause a denial of service or execute arbitrary commands. These issues are due to buffer overflow errors in "Options.cpp" when using a registry to store settings and in "QueueCtrl.cpp" when handling a transfer queue, which could be exploited by attackers to crash an affected application or potentially compromise a vulnerable system.

Affected Products

FileZilla version 2.2.29 and prior

Solution

Upgrade to FileZilla version 2.2.30a :
http://sourceforge.net/projects/filezilla/

References

http://www.frsirt.com/english/advisories/2007/0183
http://sourceforge.net/project/shownotes.php?release_id=475423&group_id=21558

Credits

Vulnerabilities reported by the vendor


FileZilla "LogMessage()" Arguments Handling Client-Side Format String Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0182
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-15

Technical Description

Multiple vulnerabilities have been identified in FileZilla, which could be exploited by attackers to cause a denial of service or execute arbitrary commands. These issues are due to format string errors in the "LogMessage()" function when handling malformed arguments (e.g. usernames), which could be exploited by attackers to crash an affected application or potentially compromise a vulnerable system.

Affected Products

FileZilla version 3.0.0-beta4 and prior

Solution

Upgrade to FileZilla version 3.0.0-beta5 :
http://sourceforge.net/projects/filezilla/

References

http://www.frsirt.com/english/advisories/2007/0182
http://sourceforge.net/tracker/index.php?func=detail&aid=1633285&group_id=21558&atid=372241
http://sourceforge.net/project/shownotes.php?release_id=477793&group_id=21558

Credits

Vulnerabilities reported by Juan


TITLE:
Dream FTP Server Data Handling Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA23731

VERIFY ADVISORY:
http://secunia.com/advisories/23731/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Dream FTP Server 1.x
http://secunia.com/product/2977/

DESCRIPTION:
Marsu has discovered a vulnerability in Dream FTP Server, which can
be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error when processing
data to be displayed in the "Server Log". This can be exploited to
cause a heap-based buffer overflow via an overly long (more than 2000
bytes), specially crafted string sent to the service.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 1.02. Other versions may
also be affected.

SOLUTION:
Use another product.

PROVIDED AND/OR DISCOVERED BY:
Marsu

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/3128


TITLE:
libgtop2 "glibtop_get_proc_map_s()" Buffer Overflow

SECUNIA ADVISORY ID:
SA23736

VERIFY ADVISORY:
http://secunia.com/advisories/23736/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

SOFTWARE:
libgtop2 2.x
http://secunia.com/product/13251/

DESCRIPTION:
Liu Qishuai has reported a vulnerability in libgtop2, which can be
exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to a boundary error within the
"glibtop_get_proc_map_s()" function in sysdeps/linux/procmap.c. This
can be exploited to cause a stack-based buffer overflow by running a
process with a specially crafted long path and tricking a victim into
running an application using the library (e.g. gnome-system-monitor).

The vulnerability is reported in versions prior to 2.14.6.

SOLUTION:
Update to version 2.14.6.

PROVIDED AND/OR DISCOVERED BY:
Liu Qishuai

ORIGINAL ADVISORY:
http://bugzilla.gnome.org/show_bug.cgi?id=396477

Outpost Bypassing Self-Protection using file links Vuln.

Release date: January 15, 2007
Last update: January 15, 2007
Type: Incomplete design implementation bugs
Character: Complete system control
Status: Unpatched bugs
Risk: Critical bugs
Exploitability: Locally exploitable bugs
Discoverability: Hardly discoverable

Description:

Outpost protects its files and forbids other applications to manipulate them. Files and directories in its installation directory are guarded by various SSDT hooks. However, the implementation of this protection does not prevent malicious applications to call native API ZwSetInformationFile class FileLinkInformation. Such calls can be used to replace files that are not used by the system when this function is called. One of vulnerable files in the Outpost installation directory is SandBox.sys, the driver that implements Outpost Self-Protection mechanisms. Attackers are able to replace this driver with a fake copy that will be loaded into the system after the next reboot. This can result in a complete system control because driver's code is executed in the privileged kernel mode. The fake driver can be implemented such that the user has no chance to notice the attack.

Vulnerable software:
Outpost Firewall PRO 4.0 (1005.590.123)
Outpost Firewall PRO 4.0 (971.584.079)
Outpost Firewall PRO 4.0 (964.582.059)
probably all older versions of Outpost Firewall PRO 4.0
possibly older versions of Outpost Firewall PRO

Events:
2007-01-15: Advisory released
2007-01-15: Vendor notification

http://www.matousec.com/info/advisories/Outpost-Bypassing-Self-Protection-using-file-links.php
