Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - January 17, 2007

Linux Kernel Multiple SCTP Remote Denial of Service Vulnerabilities


Bugtraq ID: 17910
Class: Design Error
CVE: CVE-2006-2271
CVE-2006-2272

Remote: Yes

Updated: Jan 17 2007 01:51AM
Credit: This issue was discovered by the Mu Security research team.

http://www.securityfocus.com/bid/17910

Linux Kernel SMBFS CHRoot Security Restriction Bypass Vulner

In reply to: VULNERABILITIES - January 17, 2007

Linux Kernel SMBFS CHRoot Security Restriction Bypass Vulnerability

Bugtraq ID: 17735
Class: Input Validation Error
CVE: CVE-2006-1864

Remote: No
Local: Yes

Updated: Jan 17 2007 01:51AM
Credit: Marcel Holtmann is credited with the discovery of this vulnerability.

http://www.securityfocus.com/bid/17735

Linux Kernel SCTP Multiple Remote Denial of Service Vulnerab

In reply to: VULNERABILITIES - January 17, 2007

Linux Kernel SCTP Multiple Remote Denial of Service Vulnerabilities


Bugtraq ID: 18085
Class: Design Error
CVE: CVE-2006-1857
CVE-2006-1858

Remote: Yes
Local: No

Updated: Jan 17 2007 01:51AM
Credit: This issue was discovered by the Mu Security research team.

http://www.securityfocus.com/bid/18085

Linux Kernel IP_ROUTE_INPUT Local Denial of Service Vulnerab

In reply to: VULNERABILITIES - January 17, 2007

Linux Kernel IP_ROUTE_INPUT Local Denial of Service Vulnerability

Bugtraq ID: 17593
Class: Design Error
CVE: CVE-2006-1525

Remote: No
Local: Yes

Updated: Jan 17 2007 01:51AM
Credit: Thomas discovered this issue.

http://www.securityfocus.com/bid/17593

Linux Kernel Ssockaddr_In.Sin_Zero Kernel Memory Disclosure

In reply to: VULNERABILITIES - January 17, 2007

Linux Kernel Ssockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities

Bugtraq ID: 17203
Class: Design Error
CVE: CVE-2006-1342
CVE-2006-1343

Remote: No
Local: Yes

Updated: Jan 17 2007 01:51AM
Credit: Pavel Kankovsky <peak@argo.troja.mff.cuni.cz> discovered these issues.

http://www.securityfocus.com/bid/17203

Linux Kernel Shared Memory Security Restriction Bypass Vulne

In reply to: VULNERABILITIES - January 17, 2007

Linux Kernel Shared Memory Security Restriction Bypass Vulnerabilities

Bugtraq ID: 17587
Class: Design Error
CVE: CVE-2006-1524
CVE-2006-2071

Remote: No
Local: Yes

Updated: Jan 17 2007 01:51AM
Credit: Hugh Dickins is credited with the discovery of this vulnerability.

http://www.securityfocus.com/bid/17587

InGate Firewall And SIParator Unspecified Authentication Rep

In reply to: VULNERABILITIES - January 17, 2007

InGate Firewall And SIParator Unspecified Authentication Replay Vulnerability

Bugtraq ID: 22080
Class: Access Validation Error
CVE:
Remote: Yes
Local: No
Published: Jan 16 2007 12:00AM
Updated: Jan 17 2007 01:50AM
Credit: The vendor disclosed this issue.

http://www.securityfocus.com/bid/22080

Linux Kernel die_if_kernel Local Denial of Service Vulnerabi

In reply to: VULNERABILITIES - January 17, 2007

Linux Kernel die_if_kernel Local Denial of Service Vulnerability

Bugtraq ID: 16993
Class: Design Error
CVE: CVE-2006-0742

Remote: No
Local: Yes

Credit: Alan and Gareth discovered this issue.

http://www.securityfocus.com/bid/16993

SquirrelMail Multiple Cross Site Scripting and Input Validat

In reply to: VULNERABILITIES - January 17, 2007

SquirrelMail Multiple Cross Site Scripting and Input Validation Vulnerabilities

Bugtraq ID: 21414
Class: Input Validation Error
CVE: CVE-2006-6142

Remote: Yes
Local: No

Updated: Jan 17 2007 01:50AM
Credit: Martijn Brinkers is credited with the discovery of these vulnerabilities.

http://www.securityfocus.com/bid/21414

RealPlayer MID File Handling Remote Denial of Service Vuln.

In reply to: VULNERABILITIES - January 17, 2007

Vulnerable: Real Networks RealPlayer 10.5

RealNetwork RealPlayer is prone to a remote denial-of-service vulnerability because the application fails to handle specially crafted files.

Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users. Arbitrary code execution might be possible, but this is not confirmed.

Version 10.5 is vulnerable to this issue; other versions may also be affected.

http://www.securityfocus.com/bid/22050/discuss

Sun Java Runtime Environment GIF Image Handling Remote Code

In reply to: VULNERABILITIES - January 17, 2007

Execution Vulnerability

Advisory ID : FrSIRT/ADV-2007-0211
CVE ID : CVE-2007-0243
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-17

A vulnerability has been identified in Sun Java Runtime Environment, which could be exploited by remote attackers to take complete control of an affected system. This issue is due to a buffer overflow error when parsing GIF images with a "width" property set to 0, which could be exploited by remote attackers to read and write local files on a vulnerable system or execute local applications by tricking a user into visiting a malicious web page containing a specially crafted applet.

Affected Products

Sun JDK version 5.0 Update 9 and prior
Sun JRE version 5.0 Update 9 and prior
Sun SDK version 1.4.2_12 and prior
Sun JRE version 1.4.2_12 and prior
Sun SDK version 1.3.1_18 and prior
Sun JRE version 1.3.1_18 and prior

Solution

Upgrade to JDK and JRE 5.0 Update 10, SDK and JRE 1.4.2_13, and SDK and JRE 1.3.1_19 :
http://www.java.com

References

http://www.frsirt.com/english/advisories/2007/0211
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1
http://www.zerodayinitiative.com/advisories/ZDI-07-005.html

This is also in Secunia
Oracle Products Multiple Remote Command Execution and SQL In

In reply to: VULNERABILITIES - January 17, 2007

Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0210
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-17

Multiple vulnerabilities have been identified in various Oracle products, which could be exploited by remote or local attackers to cause a denial of service, execute arbitrary commands, read and overwrite arbitrary data, disclose sensitive information, conduct SQL injection and cross site scripting attacks, or bypass security restrictions.

The first issue is due to an input validation error in Oracle Database when handling certain parameters via XML DB, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.

The second issue is due to an input validation error in the "DBMS_AQ_INV" package, which could be exploited by malicious people to inject and execute arbitrary SQL queries.

The third vulnerability is due to a buffer overflow error in the Oracle Notification Service (ONS) when processing malformed requests sent to port 6200/TCP, which could be exploited by remote unauthenticated attackers to execute arbitrary commands.

The fourth issue is due to an input validation error in Oracle Application Server when processing requests via the "EmChartBean" component, which could be exploited by remote unauthenticated attackers to access and read the contents of arbitrary files via directory traversal attacks.

Other unspecified vulnerabilities have also been identified in various components.

Read more: http://www.frsirt.com/english/advisories/2007/0210

IBM WebSphere Application Server Security Exposure and Infor

In reply to: VULNERABILITIES - January 17, 2007

IBM WebSphere Application Server Security Exposure and Information Disclosure Issues

Advisory ID : FrSIRT/ADV-2007-0214
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-17

Multiple vulnerabilities have been identified in IBM WebSphere Application Server, which could be exploited by attackers to bypass security restrictions or disclose sensitive information.

The first vulnerability is due to an unspecified security exposure issue.

The second issue is due to an error when both file serving and dynacache are enabled, which could be exploited by remote attackers to cause a vulnerable server to display the source code of arbitrary JavaServer pages (JSP).

The third issue is due to sensitive information appearing in the trace. No further details have been disclosed.

Affected Products

IBM WebSphere Application Server versions 6.1.x

Solution

Upgrade to IBM WebSphere Application Server Fix Pack 5 (6.1.0.5) :
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24014336

References

http://www.frsirt.com/english/advisories/2007/0214
http://www-1.ibm.com/support/docview.wss?uid=swg27007951#6105

Credits

Vulnerabilities reported by the vendor

Fedora Security Update Fixes Fetchmail Password Disclosure a

In reply to: VULNERABILITIES - January 17, 2007

Fedora Security Update Fixes Fetchmail Password Disclosure and DoS Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0219
CVE ID : CVE-2006-5867 - CVE-2006-5974
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-17

Fedora has released security updates to address multiple vulnerabilities identified in Fetchmail. These issues could be exploited by attackers to cause a denial of service or disclose sensitive information. For additional information, see : FrSIRT/ADV-2007-0087

Affected Products

Fedora Core 6
Fedora Core 5

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/0219
https://www.redhat.com/archives/fedora-package-announce/2007-January/msg00092.html
https://www.redhat.com/archives/fedora-package-announce/2007-January/msg00093.html

Gentoo Security Update Fixes Mono "System.Web" Source Code D

In reply to: VULNERABILITIES - January 17, 2007

Gentoo Security Update Fixes Mono "System.Web" Source Code Disclosure Vulnerability

Advisory ID : FrSIRT/ADV-2007-0218
CVE ID : CVE-2006-6104
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-17

Gentoo has released security updates to address a vulnerability identified in Mono. This issue could be exploited by attackers to disclose sensitive information. For additional information, see : FrSIRT/ADV-2006-5099

Affected Products

dev-lang/mono versions prior to 1.2.2.1

Solution

Upgrade the affected package :
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/mono-1.2.2.1"

References

http://www.frsirt.com/english/advisories/2007/0218
http://www.gentoo.org/security/en/glsa/glsa-200701-12.xml

Gentoo Security Update Fixes Horde Kronolith "FBView" Local

In reply to: VULNERABILITIES - January 17, 2007

Gentoo Security Update Fixes Horde Kronolith "FBView" Local File Inclusion Vulnerability

Advisory ID : FrSIRT/ADV-2007-0217
CVE ID : CVE-2006-6175
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-17

Gentoo has released security updates to address a vulnerability identified in Horde Kronolith. This issue could be exploited by remote attackers to include or disclose the contents of arbitrary files with the privileges of the web server. For additional information, see : FrSIRT/ADV-2006-4775

Affected Products

www-apps/horde-kronolith versions prior to 2.1.4

Solution

Upgrade the affected package :
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-kronolith-2.1.4"

References

http://www.frsirt.com/english/advisories/2007/0217
http://www.gentoo.org/security/en/glsa/glsa-200701-11.xml

Gentoo Security Update Fixes WordPress SQL Injection and Cro

In reply to: VULNERABILITIES - January 17, 2007

Gentoo Security Update Fixes WordPress SQL Injection and Cross Site Scripting Issues

Advisory ID : FrSIRT/ADV-2007-0216
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-17

Gentoo has released security updates to address multiple vulnerabilities identified in WordPress. These issues could be exploited by remote attackers to execute arbitrary SQL queries or scripting code. For additional information, see : FrSIRT/ADV-2006-5191 - FrSIRT/ADV-2007-0061 - FrSIRT/ADV-2007-0062

Affected Products

www-apps/wordpress versions prior to 2.0.6

Solution

Upgrade the affected package :
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.6"

References

http://www.frsirt.com/english/advisories/2007/0216
http://www.gentoo.org/security/en/glsa/glsa-200701-10.xml

Gentoo Security Update Fixes oftpd "LPRT" and "LPASV" Denial

In reply to: VULNERABILITIES - January 17, 2007

Gentoo Security Update Fixes oftpd "LPRT" and "LPASV" Denial of Service Vulnerability

Advisory ID : FrSIRT/ADV-2007-0215
CVE ID : CVE-2006-6767
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-17

Gentoo has released security updates to address a vulnerability identified in oftpd. This issue could be exploited by remote attackers to cause a denial of service. For additional information, see : FrSIRT/ADV-2007-0198

Affected Products

net-ftp/oftpd versions prior to 0.3.7-r3

Solution

Upgrade the affected package :
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/oftpd-0.3.7-r3"

References

http://www.frsirt.com/english/advisories/2007/0215
http://www.gentoo.org/security/en/glsa/glsa-200701-09.xml

SmE FileMailer Multiple Parameter Handling Remote SQL Query

In reply to: VULNERABILITIES - January 17, 2007

SmE FileMailer Multiple Parameter Handling Remote SQL Query Injection Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0221
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-17

Multiple vulnerabilities have been identified in SmE FileMailer, which could be exploited by remote attackers to execute arbitrary SQL commands. These issues are due to input validation errors in various scripts (e.g. "index.php" or "dl.php") that do not validate certain parameters (e.g. "ps", "us", "f", or "code") before being used in SQL statements, which could be exploited by malicious people to conduct SQL injection attacks.

Affected Products

SmE FileMailer version 1.21 and prior

Solution

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/0221
http://www.x0n3-h4ck.org/index.php?name=news&article=147

Credits

Vulnerabilities reported by CorryL and x50

Acer LunchApp.APlunch ActiveX Control Remote Code Execution

In reply to: VULNERABILITIES - January 17, 2007

Acer LunchApp.APlunch ActiveX Control Remote Code Execution Vulnerability

Bugtraq ID: 21207
Class: Design Error
CVE:
Remote: Yes
Local: No

Updated: Jan 17 2007 09:50AM
Credit: Tan Chew Keong discovered this issue.


http://www.securityfocus.com/bid/21207

Linux Kernel CD-ROM Driver Local Buffer Overflow Vulnerabili

In reply to: VULNERABILITIES - January 17, 2007

Bugtraq ID: 18847
Class: Boundary Condition Error
CVE: CVE-2006-2935

Remote: No
Local: Yes

The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation.

This issue allows local attackers to overwrite kernel memory with arbitrary data, potentially allowing them to execute malicious machine code in the context of affected kernels. This vulnerability facilitates the complete compromise of affected computers.

Linux kernel version 2.6.17.3 and prior are affected by this issue.

http://www.securityfocus.com/bid/18847/discuss

Linux Kernel ATM SkBuff Dereference Remote Denial of Service

In reply to: VULNERABILITIES - January 17, 2007

Linux Kernel ATM SkBuff Dereference Remote Denial of Service Vulnerability

Bugtraq ID: 20363
Class: Design Error
CVE: CVE-2006-4997

Remote: Yes
Local: No

Updated: Jan 17 2007 03:10PM
Credit: ADLab is credited with discovering this vulnerability.

The Linux kernel is prone to a remote denial-of-service vulnerability.

This issue is triggered when the kernel processes incoming ATM data.

Exploiting this vulnerability may allow remote attackers to crash the affected kernel, resulting in denial-of-service conditions.

This issue affects only systems that have ATM hardware and are configured for ATM kernel support.

Kernel versions from 2.6.0 up to and including 2.6.17 are vulnerable to this issue.

http://www.securityfocus.com/bid/20363

Red Hat update for kernel

In reply to: VULNERABILITIES - January 17, 2007

TITLE:
Red Hat update for kernel

SECUNIA ADVISORY ID:
SA23788

VERIFY ADVISORY:
http://secunia.com/advisories/23788/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:
RedHat Enterprise Linux AS 2.1
http://secunia.com/product/48/
RedHat Enterprise Linux ES 2.1
http://secunia.com/product/1306/
RedHat Enterprise Linux ES 3
http://secunia.com/product/2535/
RedHat Enterprise Linux WS 2.1
http://secunia.com/product/1044/
RedHat Linux Advanced Workstation 2.1 for Itanium
http://secunia.com/product/1326/

DESCRIPTION:
Red Hat has issued an update for the kernel. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).

For more information:
SA22253

SOLUTION:
Updated packages are available from Red Hat Network.
http://rhn.redhat.com

ORIGINAL ADVISORY:
http://rhn.redhat.com/errata/RHSA-2007-0012.html
http://rhn.redhat.com/errata/RHSA-2007-0013.html

Outpost Bypassing Self-Protection using File Links Vulnerabi

In reply to: VULNERABILITIES - January 17, 2007

Outpost Bypassing Self-Protection using File Links Vulnerability

A vulnerability in Outpost allows attackers to bypass the self-protecting mechanism of the program allowing attackers to cause it to execute arbitrary code.

Credit:
The information has been provided by Matousec - Transparent security Research.
The original article can be found at: http://www.matousec.com/info/advisories/Outpost-Bypassing-Self-Protection-using-file-links.php

Vulnerable software:
* Outpost Firewall PRO 4.0 (1005.590.123)
* Outpost Firewall PRO 4.0 (971.584.079)
* Outpost Firewall PRO 4.0 (964.582.059)
* probably all older versions of Outpost Firewall PRO 4.0
* possibly older versions of Outpost Firewall PRO

Oracle Application Server 10g Directory Traversal

In reply to: VULNERABILITIES - January 17, 2007

Summary
"Oracle Application Server 10g offers a comprehensive solution for developing, integrating, and deploying your enterprise's applications, portals, and Web services. Based on a powerful and scalable J2EE server, Oracle Application Server 10g provides complete business integration and business intelligence suites, and best-of-breed portal software. Oracle Application Server 10g is the only platform designed for grid computing as well as full lifecycle support for Service-Oriented Architecture (SOA)."

A vulnerable server side component allows remote access to files outside of the application's root directory with permissions of the LocalSystem process. No authentication is required.

Credit:
The information has been provided by Oliver Karow.
The original article can be found at: http://www.securityfocus.com/bid/22027

Vulnerable Systems:
* Oracle Application Server 10g Release 3 (10.1.3.0.0)

The server side component EmChartBean is part of the Oracle Enterprise Manager 10g Application Server Control Software. EmChartBean is vulnerable to a directory traversal attack.

The vulnerability can be exploited by sending an unauthenticated http GET request. Remote access is granted to files outside of the application's root directory with permissions of the Javaw.exe process, which by default runs with LocalSystem privileges.

Vendor Response:
The fix for this security vulnerability is included in Oracle's January 2007 Critical Patch Update. The Critical Patch Update advisory, which lists the versions affected and contains links to more information and patches, is available at: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.htm

The main page for Oracle Critical Patch Updates and Security Alerts is available at: http://www.oracle.com/technology/deploy/security/alerts.htm
