Spyware, Viruses, & Security forum

VULNERABILITIES - January 16, 2007

OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability

Bugtraq ID: 20249
Class: Boundary Condition Error
CVE: CVE-2006-3738
Remote: Yes
Local: No
Published: Sep 28 2006 12:00AM
Updated: Jan 16 2007 12:20AM
Credit: The vendor credits Tavis Ormandy and Will Drewry of the Google Security Team with the discovery of this vulnerability.

Read more: http://www.securityfocus.com/bid/20249

Texinfo File Handling Buffer Overflow Vulnerability

In reply to: VULNERABILITIES - January 16, 2007

Bugtraq ID: 20959
Class: Boundary Condition Error
CVE: CVE-2006-4810
Remote: Yes

Updated: Jan 16 2007 12:30AM
Credit: Miloslav Trmac is credited with the discovery of this vulnerability.

Read more: http://www.securityfocus.com/bid/20959

PHP HTMLEntities HTMLSpecialChars Buffer Overflow Vulnerabilities

In reply to: VULNERABILITIES - January 16, 2007

Bugtraq ID: 20879
Class: Boundary Condition Error
CVE: CVE-2006-5465
Remote: Yes

Updated: Jan 16 2007 03:10AM
Credit: Stefan Esser is credited with the discovery of these vulnerabilities.

Read more: http://www.securityfocus.com/bid/20879

Cacti CMD.PHP Remote Command Execution Vulnerability

In reply to: VULNERABILITIES - January 16, 2007

Bugtraq ID: 21799
Class: Input Validation Error
CVE: CVE-2006-6799
Remote: Yes

Updated: Jan 16 2007 03:10AM
Credit: rgod is credited with the discovery of this vulnerability.

Read more: http://www.securityfocus.com/bid/21799

Acer LunchApp ActiveX Control Fails to Properly Restrict Access to Methods

In reply to: VULNERABILITIES - January 16, 2007

http://www.kb.cert.org/vuls/id/221700

Overview
The Acer LunchApp ActiveX control contains methods that can allow a remote, unauthenticated attacker to run arbitrary commands on a vulnerable system.

I. Description
The Acer LunchApp ActiveX control is provided by LunchApp.ocx. It contains a method called Run(), which takes three parameters: Drive, FileName, and CmdLine. Although the control is not inherently marked as safe for scripting via the IObjectSafety interface, it may be distributed with the appropriate Implemented Categories registry key to make it safe for scripting. This means that a web page in Internet Explorer can call the Run() method of the control.

II. Impact
By convincing a victim to view an HTML document (web page, HTML email, or email attachment), an attacker could run arbitrary commands with the privileges of the user running IE.

III. Solution
Apply an update

Acer has provided an update called Acer Preload Security Patch for Windows XP. This update unregisters and deletes the LunchApp.ocx file if it is present in the Windows System directory.

Disable the Acer LunchApp ActiveX control in Internet Explorer

The Acer LunchApp ActiveX control can be disabled in Internet Explorer by setting the kill bit for the following CLSID:
{D9998BD0-7957-11D2-8FED-00606730D3AA}
More information about how to set the kill bit is available in Microsoft Support Document 240797. Alternatively, the following text can be saved as a .REG file and imported to set the kill bit for this control:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D9998BD0-7957-11D2-8FED-00606730D3AA}]
"Compatibility Flags"=dword:00000400

Disable ActiveX

Disabling ActiveX controls in the Internet Zone (or any zone used by an attacker) appears to prevent exploitation of this and other ActiveX vulnerabilities. Instructions for disabling ActiveX in the Internet Zone can be found in the "Securing Your Web Browser" document.

Systems Affected:
Vendor: Acer
Status: Vulnerable
Date Updated: 12-Jan-2007
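
A defender-side check for the mitigation in this note, written as an added PowerShell example (not part of the US-CERT note or Acer's patch): it reports whether LunchApp.ocx is present in the System directory, whether the control's CLSID is still registered, and whether the 0x400 kill bit from the .REG text above is set, and can apply the kill bit the same way the .REG import does. It assumes a 32-bit Windows XP host with PowerShell 2.0, that the "Windows System directory" is %SystemRoot%\System32, and an elevated session for Set-LunchAppKillBit.

```powershell
# Added example, not code from the US-CERT note or from Acer.
# Assumptions: 32-bit Windows XP, PowerShell 2.0, System directory = %SystemRoot%\System32.
$Clsid   = '{D9998BD0-7957-11D2-8FED-00606730D3AA}'   # CLSID from the US-CERT note
$KillBit = 0x400                                       # Compatibility Flags bit that blocks the control in IE
$CompatKey = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"

function Get-LunchAppStatus {
    # Presence of the control on disk (path is an assumption, see lead-in)
    $ocxPath = Join-Path $env:SystemRoot 'System32\LunchApp.ocx'
    # Whether the CLSID is still registered (Acer's patch unregisters and deletes the OCX)
    $registered = Test-Path "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    # Current Compatibility Flags value, 0 if the key or value is absent
    $flags = 0
    if (Test-Path $CompatKey) {
        $item = Get-ItemProperty -Path $CompatKey -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($item -ne $null) { $flags = [int]$item.'Compatibility Flags' }
    }
    New-Object PSObject -Property @{
        OcxPresent = (Test-Path $ocxPath)
        Registered = $registered
        KillBitSet = (($flags -band $KillBit) -ne 0)
    }
}

function Set-LunchAppKillBit {
    # Same effect as importing the .REG text in the note: create the key and OR in 0x400,
    # preserving any other flag bits that are already set.
    if (-not (Test-Path $CompatKey)) { New-Item -Path $CompatKey -Force | Out-Null }
    $current = 0
    $item = Get-ItemProperty -Path $CompatKey -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($item -ne $null) { $current = [int]$item.'Compatibility Flags' }
    Set-ItemProperty -Path $CompatKey -Name 'Compatibility Flags' -Value ($current -bor $KillBit) -Type DWord
}

$status = Get-LunchAppStatus
$status | Format-List OcxPresent, Registered, KillBitSet
if (($status.OcxPresent -or $status.Registered) -and -not $status.KillBitSet) {
    Write-Warning 'LunchApp control is present and not kill-bitted: apply the Acer patch or run Set-LunchAppKillBit.'
}
```

The kill bit only affects Internet Explorer's willingness to instantiate the control; removing the OCX via Acer's patch is the complete fix.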

Update 1:

Acer has released a patch to address this issue. It is called "Acer Preload Security Patch for Windows XP" and can be downloaded here. The updated US-CERT vulnerability notice with information about the patch can be found at:

http://www.kb.cert.org/vuls/id/221700

Squid Denial of Service Vulnerabilities

In reply to: VULNERABILITIES - January 16, 2007

TITLE:
Squid Denial of Service Vulnerabilities

SECUNIA ADVISORY ID:
SA23767

VERIFY ADVISORY:
http://secunia.com/advisories/23767/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
Squid 2.x
http://secunia.com/product/310/

DESCRIPTION:
Two vulnerabilities have been reported in Squid, which can be
exploited by malicious people to cause a DoS (Denial of Service).

1) An error in the handling of certain FTP URL requests can be
exploited to crash Squid by visiting a specially crafted FTP URL via
the proxy.

2) An error in the external_acl queue can cause Squid to crash when
it is under high load conditions.

The vulnerabilities are reported in version 2.6. Other versions may
also be affected.

SOLUTION:
Update to version 2.6.STABLE7.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12

Gentoo update for wordpress

In reply to: VULNERABILITIES - January 16, 2007

TITLE:
Gentoo update for wordpress

SECUNIA ADVISORY ID:
SA23741

VERIFY ADVISORY:
http://secunia.com/advisories/23741/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting, Manipulation of data, Exposure of system
information

WHERE:
From remote

OPERATING SYSTEM:
Gentoo Linux 1.x
http://secunia.com/product/339/

DESCRIPTION:
Gentoo has issued an update for wordpress. This fixes some
vulnerabilities and a weakness, which can be exploited by malicious
people to identify valid user accounts and to conduct cross-site
scripting, script insertion, and SQL injection attacks.

For more information:
SA23587
SA23595
SA23621

SOLUTION:
Update to "www-apps/wordpress-2.0.6" or later.

ORIGINAL ADVISORY:
http://www.gentoo.org/security/en/glsa/glsa-200701-10.xml

OTHER REFERENCES:
SA23587:
http://secunia.com/advisories/23587/

SA23595:
http://secunia.com/advisories/23595/

SA23621:
http://secunia.com/advisories/23621/

Ubuntu update for krb5

In reply to: VULNERABILITIES - January 16, 2007

TITLE:
Ubuntu update for krb5

SECUNIA ADVISORY ID:
SA23772

VERIFY ADVISORY:
http://secunia.com/advisories/23772/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Ubuntu Linux 6.10
http://secunia.com/product/12470/
Ubuntu Linux 6.06
http://secunia.com/product/10611/

DESCRIPTION:
Ubuntu has issued an update for krb5. This fixes a vulnerability,
which can potentially be exploited by malicious people to cause a DoS
(Denial of Service) or compromise a vulnerable system.

For more information:
SA23696

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.ubuntu.com/usn/usn-408-1

OTHER REFERENCES:
SA23696:
http://secunia.com/advisories/23696/

Mandriva update for fetchmail

In reply to: VULNERABILITIES - January 16, 2007

TITLE:
Mandriva update for fetchmail

SECUNIA ADVISORY ID:
SA23781

VERIFY ADVISORY:
http://secunia.com/advisories/23781/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information

WHERE:
From remote

OPERATING SYSTEM:
Mandriva Linux 2007
http://secunia.com/product/12165/
Mandriva Linux 2006
http://secunia.com/product/9020/

DESCRIPTION:
Mandriva has issued an update for fetchmail. This fixes a security
issue, which can be exploited by malicious people to gain sensitive
information.

For more information:
SA23631

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.mandriva.com/security/advisories?name=MDKSA-2007:016

OTHER REFERENCES:
SA23631:
http://secunia.com/advisories/23631/

Fedora update for Avahi

In reply to: VULNERABILITIES - January 16, 2007

TITLE:
Fedora update for Avahi

SECUNIA ADVISORY ID:
SA23782

VERIFY ADVISORY:
http://secunia.com/advisories/23782/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From local network

OPERATING SYSTEM:
Fedora Core 6
http://secunia.com/product/12487/

DESCRIPTION:
Fedora has issued an update for Avahi. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

For more information:
SA23660

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://fedoranews.org/cms/node/2408

OTHER REFERENCES:
SA23660:
http://secunia.com/advisories/23660/

Fedora update for w3m

In reply to: VULNERABILITIES - January 16, 2007

TITLE:
Fedora update for w3m

SECUNIA ADVISORY ID:
SA23792

VERIFY ADVISORY:
http://secunia.com/advisories/23792/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Fedora Core 6
http://secunia.com/product/12487/
Fedora Core 5
http://secunia.com/product/8808/

DESCRIPTION:
Fedora has issued an update for w3m. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

For more information:
SA23492

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://fedoranews.org/cms/node/2415
http://fedoranews.org/cms/node/2416

OTHER REFERENCES:
SA23492:
http://secunia.com/advisories/23492/

Debian update for xfree86

In reply to: VULNERABILITIES - January 16, 2007

TITLE:
Debian update for xfree86

SECUNIA ADVISORY ID:
SA23789

VERIFY ADVISORY:
http://secunia.com/advisories/23789/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
Debian GNU/Linux unstable alias sid
http://secunia.com/product/530/
Debian GNU/Linux 3.1
http://secunia.com/product/5307/

DESCRIPTION:
Debian has issued an update for xfree86. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges.

For more information:
SA23684

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00004.html

OTHER REFERENCES:
SA23684:
http://secunia.com/advisories/23684/

Mandriva update for BlueZ

In reply to: VULNERABILITIES - January 16, 2007

TITLE:
Mandriva update for BlueZ

SECUNIA ADVISORY ID:
SA23798

VERIFY ADVISORY:
http://secunia.com/advisories/23798/

CRITICAL:
Less critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Mandriva Linux 2006
http://secunia.com/product/9020/

DESCRIPTION:
Mandriva has issued an update for BlueZ. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

For more information:
SA23747

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.mandriva.com/security/advisories?name=MDKSA-2007:014

OTHER REFERENCES:
SA23747:
http://secunia.com/advisories/23747

Gentoo update for oftpd

In reply to: VULNERABILITIES - January 16, 2007

TITLE:
Gentoo update for oftpd

SECUNIA ADVISORY ID:
SA23797

VERIFY ADVISORY:
http://secunia.com/advisories/23797/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:
Gentoo Linux 1.x
http://secunia.com/product/339/

DESCRIPTION:
Gentoo has issued an update for oftpd. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

For more information:
SA23790

SOLUTION:
Update to "net-ftp/oftpd-0.3.7-r3" or later.

ORIGINAL ADVISORY:
http://www.gentoo.org/security/en/glsa/glsa-200701-09.xml

OTHER REFERENCES:
SA23790:
http://secunia.com/advisories/23790/

rPath update for gd

In reply to: VULNERABILITIES - January 16, 2007

TITLE:
rPath update for gd

SECUNIA ADVISORY ID:
SA23783

VERIFY ADVISORY:
http://secunia.com/advisories/23783/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
rPath Linux 1.x
http://secunia.com/product/10614/

DESCRIPTION:
rPath has issued an update for gd. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.

For more information:
SA12996
SA20500

SOLUTION:
Update to "gd=/conary.rpath.com@rpl:devel//1/2.0.33-4.2-1".

ORIGINAL ADVISORY:
https://issues.rpath.com/browse/RPL-939

OTHER REFERENCES:
SA12996:
http://secunia.com/advisories/12996/

Mandriva Security Update Fixes WGet "ftp_syst()" Remote Denial of Service Vulnerability

In reply to: VULNERABILITIES - January 16, 2007

Advisory ID : FrSIRT/ADV-2007-0201
CVE ID : CVE-2006-6719
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-16
Technical Description

Mandriva has released security updates to address a vulnerability identified in GNU WGet. This issue is due to an error in the "ftp_syst()" [ftp-basic.c] function that does not properly handle a large number of blank 220 responses to the "SYST" command, which could be exploited by malicious FTP servers to crash a vulnerable application, creating a denial of service condition.

Affected Products

Mandriva Linux 2006.0
Mandriva Linux 2007.0
Mandriva Corporate 3.0
Mandriva Corporate 4.0

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/0201
http://archives.mandrivalinux.com/security-announce/2007-01/msg00026.php

Ingate Firewall and SIParator Replay Attack Vulnerability

In reply to: VULNERABILITIES - January 16, 2007

Affected:
Ingate Firewall 4.x
Ingate SIParator 4.x

Description:
A vulnerability has been reported in Ingate Firewall and SIParator, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an authentication error in the SIP module and can be exploited via replay attacks.

Solution:
Update to version 4.5.1.
http://www.ingate.com/upgrades.php

Provided and/or discovered by: Reported by the vendor.

Original Advisory: http://www.ingate.com/relnote-451.php

http://secunia.com/advisories/23737/

Ubuntu Security Update Fixes Kerberos "kadmind" Command Execution Vulnerability

In reply to: VULNERABILITIES - January 16, 2007

Advisory ID : FrSIRT/ADV-2007-0193
CVE ID : CVE-2006-6143
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-16
Technical Description

Ubuntu has released security updates to address a vulnerability identified in krb5. This issue could be exploited by attackers to compromise a vulnerable system. For additional information, see : FrSIRT/ADV-2007-0111

Affected Products

Ubuntu 6.06 LTS
Ubuntu 6.10

Solution

Ubuntu 6.06 LTS - Upgrade to libkadm55 version 1.4.3-5ubuntu0.2 and libkrb53 version 1.4.3-5ubuntu0.2
Ubuntu 6.10 - Upgrade to libkadm55 version 1.4.3-9ubuntu1.1 and libkrb53 version 1.4.3-9ubuntu1.1

References

http://www.frsirt.com/english/advisories/2007/0193
http://www.ubuntu.com/usn/usn-408-1

Ubuntu Security Update Fixes KSirc "PRIVMSG" Remote Denial of Service Vulnerability

In reply to: VULNERABILITIES - January 16, 2007

Advisory ID : FrSIRT/ADV-2007-0194
CVE ID : CVE-2006-6811
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-16
Technical Description

Ubuntu has released security updates to address a vulnerability identified in KsIRC. This issue could be exploited by remote attackers to cause a denial of service. For additional information, see : FrSIRT/ADV-2006-5199

Affected Products

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

Solution

Ubuntu 5.10 - Upgrade to ksirc 4:3.4.3-0ubuntu1.1
Ubuntu 6.06 LTS - Upgrade to ksirc 4:3.5.2-0ubuntu6.3
Ubuntu 6.10 - Upgrade to ksirc 4:3.5.5-0ubuntu1.1

References

http://www.frsirt.com/english/advisories/2007/0194
http://www.ubuntu.com/usn/usn-409-1

Acer's Vulnerability Hotfix

In reply to: VULNERABILITIES - January 16, 2007

OpenSSL PKCS Padding RSA Signature Forgery Vulnerability

In reply to: VULNERABILITIES - January 16, 2007

Bugtraq ID: 19849
Class: Design Error
CVE: CVE-2006-4339
CVE-2006-4340
CVE-2006-5462

Remote: Yes

Updated: Jan 16 2007 12:30PM
Credit: Daniel Bleichenbacher reported this issue to the vendor.

Read more: http://www.securityfocus.com/bid/19849

FreeBSD UFS "ufs_dirbad()" Local Denial of Service

In reply to: VULNERABILITIES - January 16, 2007

TITLE:
FreeBSD UFS "ufs_dirbad()" Local Denial of Service

SECUNIA ADVISORY ID:
SA23721

VERIFY ADVISORY:
http://secunia.com/advisories/23721/

CRITICAL:
Not critical

IMPACT:
DoS

WHERE:
Local system

OPERATING SYSTEM:
FreeBSD 6.x
http://secunia.com/product/6778/

DESCRIPTION:
LMH has reported a vulnerability in FreeBSD, which can be exploited
by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the "ufs_dirbad()"
function when handling corrupted UFS images and can be exploited to
cause a kernel panic.

The vulnerability is reported in FreeBSD 6.1. Other versions may also
be affected.

SOLUTION:
Allow only trusted users to mount UFS images.

PROVIDED AND/OR DISCOVERED BY:
LMH

ORIGINAL ADVISORY:
http://projects.info-pull.com/moab/MOAB-12-01-2007.html

BlueZ HID Insecure Device Connection Vulnerability

In reply to: VULNERABILITIES - January 16, 2007

TITLE:
BlueZ HID Insecure Device Connection Vulnerability

SECUNIA ADVISORY ID:
SA23747

VERIFY ADVISORY:
http://secunia.com/advisories/23747/

CRITICAL:
Less critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
BlueZ 2.x
http://secunia.com/product/5545/

DESCRIPTION:
Collin Mulliner has reported a vulnerability in BlueZ, which can be
exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to the HID host accepting device
connections without authentication. This can be exploited to insert a
new device (e.g. keyboard, mouse) and take control of the affected
system.

SOLUTION:
Update to version 2.25 or later.

PROVIDED AND/OR DISCOVERED BY:
Collin Mulliner

ORIGINAL ADVISORY:
http://mulliner.org/bluetooth/hidattack.php

OTHER REFERENCES:
http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf

Sendmail Long Header Denial Of Service Vulnerability

In reply to: VULNERABILITIES - January 16, 2007

Bugtraq ID: 19714
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2006-4434

Remote: Yes

Updated: Jan 16 2007 06:00PM
Credit: This issue was disclosed in the referenced OpenBSD advisory.

Read more: http://www.securityfocus.com/bid/19714

Apple Mac OS X DMG UFS UFS_LookUp Denial Of Service Vulnerability

In reply to: VULNERABILITIES - January 16, 2007

Bugtraq ID: 22036
Class: Boundary Condition Error
CVE:
Remote: Yes

Updated: Jan 16 2007 10:20PM
Credit: LMH <lmh@info-pull.com> is credited with the discovery of this vulnerability.

http://www.securityfocus.com/bid/22036

ProFTPD SReplace Remote Buffer Overflow Vulnerability

In reply to: VULNERABILITIES - January 16, 2007

Bugtraq ID: 20992
Class: Boundary Condition Error
CVE: CVE-2006-5815

Remote: Yes

Updated: Jan 16 2007 09:40PM
Credit: Evgeny Legerov discovered this issue.

http://www.securityfocus.com/bid/20992

Proof-of-Concept Code for Integer Overflow Vulnerability in Apple Mac OS X

In reply to: VULNERABILITIES - January 16, 2007

US-CERT is aware of proof-of-concept code for an unpatched integer overflow vulnerability in Apple Mac OS X Unix File System (UFS) handling. By persuading a user to open a specially crafted Disk Image (DMG) file, a remote attacker may be able to cause a denial-of-service condition or possibly execute arbitrary code on a vulnerable system.

NOTE: This is only remotely exploitable via the Safari web browser when the Opening Safe Files After Downloading option is enabled.

Read more: http://www.us-cert.gov/current/current_activity.html#mcdmgufs
