
VULNERABILITIES - January 24, 2007

Jan 23, 2007 2:07PM PST

Microsoft Re-Releases Security Bulletin MS07-002 for Excel 2000

Microsoft has released a new version of Security Bulletin MS07-002 to address an issue with the security update for Excel 2000. The new version corrects the problem described in Microsoft Knowledge Base Article 931183 and in the Microsoft Security Response Center Blog. According to Microsoft, there was a flaw in the way the previous update processed the phonetic information that is embedded in files that are created by using Excel in the Korean, Chinese, or Japanese executable mode. Users who created Excel documents in one of these modes had difficulty opening some files after installing the update. The Microsoft re-release of MS07-002 resolves this issue.

More: http://www.us-cert.gov/current/current_activity.html#rerelxcl2000

Roemer Software Products NCTAudioFile2 ActiveX Control Buffe
Jan 24, 2007 12:28AM PST

Roemer Software Products NCTAudioFile2 ActiveX Control Buffer Overflow

TITLE:
Roemer Software Products NCTAudioFile2 ActiveX Control Buffer
Overflow

SECUNIA ADVISORY ID:
SA23546

VERIFY ADVISORY:
http://secunia.com/advisories/23546/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Easy Hi-Q Converter 1.x
http://secunia.com/product/7769/
Easy Hi-Q Recorder 2.x
http://secunia.com/product/13043/
FREE Hi-Q Recorder 1.x
http://secunia.com/product/13044/

DESCRIPTION:
Secunia Research has discovered a vulnerability in various Roemer
Software products, which can be exploited by malicious people to
compromise a user's system.

For more information:
SA23475

The vulnerability is confirmed in the following versions:
* FREE Hi-Q Recorder 1.9
* Easy Hi-Q Recorder 2.0
* Easy Hi-Q Converter 1.7

SOLUTION:
Set the kill-bit for the ActiveX control.

Use another product.

PROVIDED AND/OR DISCOVERED BY:
Carsten Eiram, Secunia Research.

ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2007-17/

OTHER REFERENCES:
SA23475:
http://secunia.com/advisories/23475/

Sun Ray Server Software Password Disclosure
Jan 24, 2007 12:30AM PST

TITLE:
Sun Ray Server Software Password Disclosure

SECUNIA ADVISORY ID:
SA23900

VERIFY ADVISORY:
http://secunia.com/advisories/23900/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information

WHERE:
Local system

SOFTWARE:
Sun Ray Server Software (SRSS) 3.x
http://secunia.com/product/11259/
Sun Ray Server Software (SRSS) 2.x
http://secunia.com/product/3475/

DESCRIPTION:
Sun has acknowledged a security issue in Sun Ray Server Software,
which can be exploited by malicious, local users to gain sensitive
information.

The security issue is caused due to an unspecified error and can be
exploited to disclose the administrator's password if an
administrator logs into the Sun Ray Administration Tool or if the
attacker has read access to the logfiles of Sun Ray Server Software's
private webserver or similar.

The security issue is reported in Sun Ray Server Software 2.0 and
3.0. Other versions may also be affected.

SOLUTION:
Apply patches.

-- SPARC Platform --

Sun Ray Server Software 2.0 for Solaris 8 and 9:
Apply patch 114880-10.
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114880-10-1

Sun Ray Server Software 3.0 for Solaris 8, 9, and 10:
Apply patch 118979-02.
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118979-02-1

-- Linux Platform --

Sun Ray Server Software 3.0 (for JDS R2, RHELAS 3.0, SLES 8.0):
Apply patch 119836-02.
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-119836-02-1

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102779-1

Linux-PAM Login Bypass Security Vulnerability
Jan 24, 2007 12:31AM PST

TITLE:
Linux-PAM Login Bypass Security Vulnerability

SECUNIA ADVISORY ID:
SA23858

VERIFY ADVISORY:
http://secunia.com/advisories/23858/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass

WHERE:
From remote

SOFTWARE:
Linux-PAM 0.x
http://secunia.com/product/1701/

DESCRIPTION:
A vulnerability has been reported in Linux-PAM, which can be
exploited by malicious people to bypass certain security
restrictions.

The vulnerability is caused due to an error within the
"_unix_verify_password()" function in modules/pam_unix/support.c when
verifying a user's password. This can be exploited to login with any
given password if the hash in the passwd file is "!!" or similar.

The vulnerability is reported in version 0.99.7.0.

SOLUTION:
Update to version 0.99.7.1.

PROVIDED AND/OR DISCOVERED BY:
Bernardo Innocenti

ORIGINAL ADVISORY:
https://www.redhat.com/archives/pam-list/2007-January/msg00017.html
http://www.redhat.com/archives/fedora-devel-list/2007-January/msg01277.html

Sun Solaris 9 Xorg X Server Integer Overflows
Jan 24, 2007 12:32AM PST

TITLE:
Sun Solaris 9 Xorg X Server Integer Overflows

SECUNIA ADVISORY ID:
SA23907

VERIFY ADVISORY:
http://secunia.com/advisories/23907/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
Sun Solaris 9
http://secunia.com/product/95/

SOFTWARE:
Sun Java Desktop System (JDS) Release 2
http://secunia.com/product/5797/

DESCRIPTION:
Sun has acknowledged a vulnerability in Solaris, which can be
exploited by malicious, local users to gain escalated privileges.

For more information:
SA21864

The vulnerability is reported in Sun Solaris 9 for the x86 platform
with the unbundled Sun Java Desktop System (JDS) Release 2 installed.

SOLUTION:
The vendor recommends unloading the Type 1 font module.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102780-1

OTHER REFERENCES:
SA21864:
http://secunia.com/advisories/21864/

Sun Solaris 10 Xorg X Server Integer Overflows
Jan 24, 2007 12:33AM PST

TITLE:
Sun Solaris 10 Xorg X Server Integer Overflows

SECUNIA ADVISORY ID:
SA23899

VERIFY ADVISORY:
http://secunia.com/advisories/23899/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
Sun Solaris 10
http://secunia.com/product/4813/

DESCRIPTION:
Sun has acknowledged a vulnerability in Solaris, which can be
exploited by malicious, local users to gain escalated privileges.

For more information:
SA21864

The vulnerability is reported in Sun Solaris 9 and 10 for the x86
platform.

SOLUTION:
Apply patch 119062-02.
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-119062-02-1

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102780-1

Drupal Acidfree Module "node titles" SQL Injection Vulnerabi
Jan 24, 2007 12:34AM PST

TITLE:
Drupal Acidfree Module "node titles" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA23895

VERIFY ADVISORY:
http://secunia.com/advisories/23895/

CRITICAL:
Less critical

IMPACT:
Manipulation of data

WHERE:
From remote

SOFTWARE:
Drupal Acidfree Module 4.x
http://secunia.com/product/13326/

DESCRIPTION:
A vulnerability has been reported in the Acidfree module for Drupal,
which can be exploited by malicious users to conduct SQL injection
attacks.

Input passed via node titles is not properly sanitised before being
used in a SQL query. This can be exploited to manipulate SQL queries
by injecting arbitrary SQL code.

Successful exploitation may lead to administrator access, but
requires a valid user account with "create acidfree albums"
privileges.

The vulnerability is reported in versions prior to 4.6.x-1.0 and
4.7.x-1.0.

SOLUTION:
Update to 4.6.x-1.0 or 4.7.x-1.0.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Brett Yagel (yagel).

ORIGINAL ADVISORY:
http://drupal.org/node/112145

phpXMLDOM "path" File Inclusion Vulnerabilities
Jan 24, 2007 12:35AM PST

TITLE:
phpXMLDOM "path" File Inclusion Vulnerabilities

SECUNIA ADVISORY ID:
SA23875

VERIFY ADVISORY:
http://secunia.com/advisories/23875/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
phpXMLDOM (phpXD) 0.x
http://secunia.com/product/13313/

DESCRIPTION:
Dr Max Virus has reported some vulnerabilities in phpXMLDOM, which
can be exploited by malicious people to compromise vulnerable
systems.

Input passed to the "path" parameter in include/dom.php,
include/dtd.php and include/parser.php is not properly verified
before being used to include files. This can be exploited to include
arbitrary files from local or external resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerabilities are reported in version 0.3. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
Dr Max Virus

ORIGINAL ADVISORY:
http://www.milw0rm.com/exploits/3184

PHP Link Directory "URL" Script Insertion Vulnerability
Jan 24, 2007 12:36AM PST

TITLE:
PHP Link Directory "URL" Script Insertion Vulnerability

SECUNIA ADVISORY ID:
SA23860

VERIFY ADVISORY:
http://secunia.com/advisories/23860/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

SOFTWARE:
PHP Link Directory (phpLD2) 2.x
http://secunia.com/product/7667/
PHP Link Directory (phpLD) 3.x
http://secunia.com/product/13307/

DESCRIPTION:
A vulnerability has been discovered in PHP Link Directory, which can
be exploited by malicious people to conduct script insertion
attacks.

Input passed to the form field "URL" in submit.php is not properly
sanitised before being stored. This can be exploited to insert
arbitrary HTML and script code, which is executed in a user's browser
session in context of an affected site when the offending data is
viewed.

The vulnerability is confirmed in version 2.1 on the 2.x branch and
reported in version 3.0.6 on the 3.x branch. Other versions may also
be affected.

SOLUTION:
It is reported that version 3.1.0 on the 3.x branch fixes the issue.

Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Jussi Vuokko and Henri Lindberg

ORIGINAL ADVISORY:
http://www.smilehouse.com/advisory/phplinkdirectory_070121.txt

Apple Mac OS X "UserNotificationCenter" Privilege Escalation
Jan 24, 2007 12:38AM PST

TITLE:
Apple Mac OS X "UserNotificationCenter" Privilege Escalation

SECUNIA ADVISORY ID:
SA23846

VERIFY ADVISORY:
http://secunia.com/advisories/23846/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/

DESCRIPTION:
A vulnerability has been reported in Mac OS X, which can be exploited
by malicious, local users to gain escalated privileges.

The vulnerability is caused due to UserNotificationCenter.app running
any InputManager within /Library/InputManagers in a user's home
directory with privileges of the "wheel" group. This can be exploited
to perform certain actions with "wheel" privileges (e.g. replacing
"/Applications/System Preferences.app/Contents/Resources/installAssistant").

NOTE: If diskutil is invoked by an administrator to repair
permissions of a volume, the setuid bit is set on "installAssistant",
which is owned by the user root.

The vulnerability is reported in Mac OS X 10.4.8 (x86). Other
versions may also be affected.

SOLUTION:
Grant only trusted users access to affected systems.

PROVIDED AND/OR DISCOVERED BY:
Anonymity, KF, and LMH

ORIGINAL ADVISORY:
http://projects.info-pull.com/moab/MOAB-22-01-2007.html

Sun Solaris "tip" Command Privilege Escalation
Jan 24, 2007 12:39AM PST

TITLE:
Sun Solaris "tip" Command Privilege Escalation

SECUNIA ADVISORY ID:
SA23821

VERIFY ADVISORY:
http://secunia.com/advisories/23821/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
Sun Solaris 10
http://secunia.com/product/4813/
Sun Solaris 9
http://secunia.com/product/95/
Sun Solaris 8
http://secunia.com/product/94/

DESCRIPTION:
Sun has acknowledged a vulnerability in Solaris, which can be
exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to unspecified errors within the
"tip" command. This can be exploited to execute arbitrary code as the
"uucp" user.

SOLUTION:
Apply patches.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102773-1

BrightStor ARCserve Backup for Laptops and Desktops Buffer O
Jan 24, 2007 12:40AM PST

BrightStor ARCserve Backup for Laptops and Desktops Buffer Overflow Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0314
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-24

Technical Description

Multiple vulnerabilities have been identified in various CA products, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system. These issues are due to buffer overflow errors in various services when processing specially crafted requests, which could be exploited by remote unauthenticated attackers to crash a vulnerable application or execute arbitrary commands with SYSTEM privileges.

Affected Products

BrightStor ARCserve Backup for Laptops and Desktops r11.1 SP1
BrightStor ARCserve Backup for Laptops and Desktops r11.1
BrightStor ARCserve Backup for Laptops and Desktops r11.0
BrightStor Mobile Backup r4.0
CA Desktop Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2
CA Desktop Management Suite r11.0
CA Desktop Management Suite r11.1

Solution

Patch for BrightStor ARCserve Backup for Laptops and Desktops r11.1 SP1 :
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO83833

Patch for BrightStor ARCserve Backup for Laptops and Desktops r11.0 :
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QI85497

Patch for CA Desktop Management Suite r11.1 :
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO85401

Patch for CA Desktop Management Suite r11.0 :
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QI85423

Patch for BrightStor Mobile Backup r4.0 :
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO85402

References

http://www.frsirt.com/english/advisories/2007/0314
http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp

Credits

Vulnerabilities reported by NGSSoftware

Microsoft Visual Studio Resource File Handling Client-Side B
Jan 24, 2007 12:42AM PST

Microsoft Visual Studio Resource File Handling Client-Side Buffer Overflow Vulnerability

Advisory ID : FrSIRT/ADV-2007-0296
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-23

Technical Description

A vulnerability has been identified in Microsoft Visual Studio, which could be exploited by attackers to execute arbitrary commands. This issue is due to a buffer overflow error when processing a resource file (.rc) containing an overly long "TYPELIB MOVEABLE PURE" statement, which could be exploited by attackers to compromise a vulnerable system by convincing a user to open a specially crafted file or project.

Affected Products

Microsoft Visual Studio 6 SP6 and prior

Solution

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/0296

Credits

Vulnerability reported by porkythepig

Mandriva Security Update Fixes Kernel Security Bypass and D
Jan 24, 2007 12:43AM PST

Mandriva Security Update Fixes Kernel Security Bypass and Denial of Service Issues

Advisory ID : FrSIRT/ADV-2007-0308
CVE ID : CVE-2005-3272 - CVE-2006-0741 - CVE-2006-2446 - CVE-2006-3741 - CVE-2006-4145 - CVE-2006-4535 - CVE-2006-4813 - CVE-2006-4997 - CVE-2006-5619 - CVE-2006-5749 - CVE-2006-5754 - CVE-2006-6106
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-24

Technical Description

Mandriva has released security updates to address multiple vulnerabilities identified in Kernel. These issues could be exploited by attackers to bypass security restrictions, cause a denial of service, or execute arbitrary commands. For additional information, see : FrSIRT/ADV-2006-0804 - FrSIRT/ADV-2006-3937 - FrSIRT/ADV-2006-3308 - FrSIRT/ADV-2006-4716 - FrSIRT/ADV-2006-4297 - FrSIRT/ADV-2006-5037

Affected Products

Mandriva Corporate 3.0
Mandriva Multi Network Firewall 2.0

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/0308
http://archives.mandrivalinux.com/security-announce/2007-01/msg00038.php

Mandriva Security Update Fixes Squid FTP and NTLM Denial of
Jan 24, 2007 12:44AM PST

Mandriva Security Update Fixes Squid FTP and NTLM Denial of Service Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0307
CVE ID : CVE-2007-0247 - CVE-2007-0248
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-24

Technical Description

Mandriva has released security updates to address two vulnerabilities identified in Squid. These issues could be exploited by attackers to cause a denial of service. For additional information, see : FrSIRT/ADV-2007-0199

Affected Products

Mandriva Linux 2006.0
Mandriva Linux 2007.0
Mandriva Corporate 3.0
Mandriva Corporate 4.0
Mandriva Multi Network Firewall 2.0

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/0307
http://archives.mandrivalinux.com/security-announce/2007-01/msg00040.php

Gentoo Security Update Fixes Centericq LiveJournal Module Bu
Jan 24, 2007 12:45AM PST

Gentoo Security Update Fixes Centericq LiveJournal Module Buffer Overflow Issue

Advisory ID : FrSIRT/ADV-2007-0306
CVE ID : CVE-2007-0160
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-24

Technical Description

Gentoo has released security updates to address a vulnerability identified in Centericq. This issue is due to a buffer overflow error in the "hooks/ljhook.cc" file that does not properly handle certain communications with the LiveJournal service, which could be exploited by remote attackers to execute arbitrary commands.

Affected Products

net-im/centericq version 4.21.0-r2 and prior

Solution

Remove the affected package :
# emerge --ask --verbose --unmerge "net-im/centericq"

References

http://www.frsirt.com/english/advisories/2007/0306
http://www.gentoo.org/security/en/glsa/glsa-200701-20.xml

Gentoo Security Update Fixes OpenLDAP "gencert.sh" Insecure
Jan 24, 2007 12:46AM PST

Gentoo Security Update Fixes OpenLDAP "gencert.sh" Insecure Temporary Files Issue

Advisory ID : FrSIRT/ADV-2007-0305
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-01-24

Technical Description

A vulnerability has been identified in Gentoo, which could be exploited by local attackers to bypass security restrictions. This issue is due to an error in the "gencert.sh" script (distributed with the Gentoo ebuild for OpenLDAP) that handles temporary files in an insecure manner, which could allow malicious users to conduct symlink attacks and create or overwrite arbitrary files with the privileges of the user invoking the vulnerable application.

Affected Products

net-nds/openldap versions prior to 2.1.30-r10
net-nds/openldap versions prior to 2.2.28-r7
net-nds/openldap versions prior to 2.3.30-r2

Solution

Upgrade the affected package :
# emerge --sync
# emerge --ask --oneshot --verbose "net-nds/openldap"

References

http://www.frsirt.com/english/advisories/2007/0305
http://www.gentoo.org/security/en/glsa/glsa-200701-19.xml

Gentoo Security Update Fixes Xine-ui "errors_create_window(
Jan 24, 2007 12:47AM PST

Gentoo Security Update Fixes Xine-ui "errors_create_window()" Format String Issue

Advisory ID : FrSIRT/ADV-2007-0304
CVE ID : CVE-2007-0254
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-24

Technical Description

Gentoo has released security updates to address a vulnerability identified in xine-ui. This issue is due to format string errors in the "errors_create_window()" [errors.c] function when processing a specially crafted media file, which could be exploited by remote attackers to execute arbitrary commands.

Affected Products

media-video/xine-ui versions prior to 0.99.5_pre20060716

Solution

Upgrade the affected package :
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/xine-ui-0.99.5_pre20060716"

References

http://www.frsirt.com/english/advisories/2007/0304
http://www.gentoo.org/security/en/glsa/glsa-200701-18.xml

Ubuntu Security Update Fixes BlueZ Connection Authentication
Jan 24, 2007 12:48AM PST

Ubuntu Security Update Fixes BlueZ Connection Authentication Bypass Vulnerability

Advisory ID : FrSIRT/ADV-2007-0303
CVE ID : CVE-2006-6899
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-24

Technical Description

Ubuntu has released security updates to address a vulnerability identified in bluez-utils. This issue could be exploited by remote attackers to gain unauthorized access to a vulnerable device. For additional information, see : FrSIRT/ADV-2007-0200

Affected Products

Ubuntu 5.10

Solution

Upgrade to bluez-utils 2.20-0ubuntu3.1

References

http://www.frsirt.com/english/advisories/2007/0303
http://www.ubuntu.com/usn/usn-413-1

Ubuntu Security Update Fixes GeoIP Remote Directory Traversa
Jan 24, 2007 12:49AM PST

Ubuntu Security Update Fixes GeoIP Remote Directory Traversal Vulnerability

Advisory ID : FrSIRT/ADV-2007-0302
CVE ID : CVE-2007-0159
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-24

Technical Description

Ubuntu has released security updates to address a vulnerability identified in GeoIP. This issue could be exploited by attackers to overwrite arbitrary files. For additional information, see : FrSIRT/ADV-2007-0117

Affected Products

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

Solution

Ubuntu 5.10 - Upgrade to geoip-bin 1.3.10-1ubuntu0.1
Ubuntu 6.06 LTS - Upgrade to geoip-bin 1.3.14-2ubuntu0.1
Ubuntu 6.10 - Upgrade to geoip-bin 1.3.17-1ubuntu0.1

References

http://www.frsirt.com/english/advisories/2007/0302
http://www.ubuntu.com/usn/usn-412-1

Ubuntu Security Update Fixes Libsoup Headers Handling Denial
Jan 24, 2007 12:50AM PST

Ubuntu Security Update Fixes Libsoup Headers Handling Denial of Service Vulnerability

Advisory ID : FrSIRT/ADV-2007-0301
CVE ID : CVE-2006-5876
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-24

Technical Description

Ubuntu has released updated packages to address a vulnerability identified in Libsoup. This issue could be exploited by attackers to cause a denial of service. For additional information, see : FrSIRT/ADV-2007-0173

Affected Products

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

Solution

Ubuntu 5.10 - Upgrade to libsoup2.2-8 2.2.6.1-0ubuntu1.1
Ubuntu 6.06 LTS - Upgrade to libsoup2.2-8 2.2.93-0ubuntu1.1
Ubuntu 6.10 - Upgrade to libsoup2.2-8 2.2.96-0ubuntu2.1

References

http://www.frsirt.com/english/advisories/2007/0301
http://www.ubuntu.com/usn/usn-411-1

Xrlly Software NCTAudioFile2 ActiveX Control Buffer Overflow
Jan 24, 2007 12:52AM PST

TITLE:
Xrlly Software NCTAudioFile2 ActiveX Control Buffer Overflow

SECUNIA ADVISORY ID:
SA23558

VERIFY ADVISORY:
http://secunia.com/advisories/23558/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Arial Sound Recorder 1.x
http://secunia.com/product/13027/
Arial Audio Converter 2.x
http://secunia.com/product/13020/
Text to Speech Maker 1.x
http://secunia.com/product/13028/

DESCRIPTION:
Secunia Research has discovered a vulnerability in various Xrlly
Software products, which can be exploited by malicious people to
compromise a user's system.

For more information:
SA23475

The vulnerability is confirmed in the following versions:
* Text to Speech Maker 1.3.8
* Arial Sound Recorder 1.4.3
* Arial Audio Converter 2.3.40

SOLUTION:
Set the kill-bit for the ActiveX control.

Use another product.

PROVIDED AND/OR DISCOVERED BY:
Carsten Eiram, Secunia Research.

ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2007-25/

OTHER REFERENCES:
SA23475:
http://secunia.com/advisories/23475/

Ubuntu update for bluez-utils
Jan 24, 2007 12:54AM PST

TITLE:
Ubuntu update for bluez-utils

SECUNIA ADVISORY ID:
SA23879

VERIFY ADVISORY:
http://secunia.com/advisories/23879/

CRITICAL:
Less critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Ubuntu Linux 5.10
http://secunia.com/product/6606/

DESCRIPTION:
Ubuntu has issued an update for bluez-utils. This fixes a
vulnerability, which can be exploited by malicious people to
compromise a vulnerable system.

For more information:
SA23747

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.ubuntu.com/usn/usn-413-1

OTHER REFERENCES:
SA23747:
http://secunia.com/advisories/23747/

Ubuntu update for geoip-bin
Jan 24, 2007 12:56AM PST

TITLE:
Ubuntu update for geoip-bin

SECUNIA ADVISORY ID:
SA23906

VERIFY ADVISORY:
http://secunia.com/advisories/23906/

CRITICAL:
Less critical

IMPACT:
Manipulation of data

WHERE:
From remote

OPERATING SYSTEM:
Ubuntu Linux 6.10
http://secunia.com/product/12470/
Ubuntu Linux 6.06
http://secunia.com/product/10611/
Ubuntu Linux 5.10
http://secunia.com/product/6606/

DESCRIPTION:
Ubuntu has issued an update for geoip-bin. This fixes a
vulnerability, which can be exploited by malicious people to
overwrite arbitrary files on a user's system.

For more information:
SA23880

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.ubuntu.com/usn/usn-412-1

OTHER REFERENCES:
SA23880:
http://secunia.com/advisories/23880/

Audio Edit Magic NCTAudioFile2 ActiveX Control Buffer Overfl
Jan 24, 2007 12:58AM PST

TITLE:
Audio Edit Magic NCTAudioFile2 ActiveX Control Buffer Overflow

SECUNIA ADVISORY ID:
SA23548

VERIFY ADVISORY:
http://secunia.com/advisories/23548/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Audio Edit Magic 9.x
http://secunia.com/product/13042/

DESCRIPTION:
Secunia Research has discovered a vulnerability in Audio Edit Magic,
which can be exploited by malicious people to compromise a user's
system.

For more information:
SA23475

The vulnerability is confirmed in versions 9.2.3 Build 389 and 9.2.6
Build 512. Other versions may also be affected.

SOLUTION:
Set the kill-bit for the ActiveX control.

Use another product.

PROVIDED AND/OR DISCOVERED BY:
Carsten Eiram, Secunia Research.

ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2007-18/

OTHER REFERENCES:
SA23475:
http://secunia.com/advisories/23475/

Code-it Software Products NCTAudioFile2 ActiveX Control Buff
Jan 24, 2007 12:59AM PST

TITLE:
Code-it Software Products NCTAudioFile2 ActiveX Control Buffer
Overflow

SECUNIA ADVISORY ID:
SA23536

VERIFY ADVISORY:
http://secunia.com/advisories/23536/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Wave MP3 Editor 10.x
http://secunia.com/product/13060/
aBasic Editor 10.x
http://secunia.com/product/13269/

DESCRIPTION:
Secunia Research has discovered a vulnerability in Wave MP3 Editor
and aBasic Editor, which can be exploited by malicious people to
compromise a user's system.

For more information:
SA23475

The vulnerability is confirmed in version 10.1. Other versions may
also be affected.

SOLUTION:
Set the kill-bit for the ActiveX control.

Use another product.

PROVIDED AND/OR DISCOVERED BY:
Carsten Eiram, Secunia Research.

ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2007-12/

OTHER REFERENCES:
SA23475:
http://secunia.com/advisories/23475/

Magic Video Products NCTAudioFile2 ActiveX Control Buffer Ov
Jan 24, 2007 1:00AM PST

TITLE:
Magic Video Products NCTAudioFile2 ActiveX Control Buffer Overflow

SECUNIA ADVISORY ID:
SA23485

VERIFY ADVISORY:
http://secunia.com/advisories/23485/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Magic Audio Converter 8.x
http://secunia.com/product/13079/
Magic Audio Recorder 5.x
http://secunia.com/product/13077/
Magic Music Editor 5.x
http://secunia.com/product/13078/

DESCRIPTION:
Secunia Research has discovered a vulnerability in various Magic
Video products, which can be exploited by malicious people to
compromise a user's system.

For more information:
SA23475

The vulnerability is confirmed in the following versions:
* Magic Audio Recorder 5.3.7
* Magic Music Editor 5.2.2
* Magic Audio Converter 8.2.6 build 719

SOLUTION:
Set the kill-bit for the ActiveX control.

Use another product.

PROVIDED AND/OR DISCOVERED BY:
Carsten Eiram, Secunia Research.

ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2007-3/

OTHER REFERENCES:
SA23475:
http://secunia.com/advisories/23475/

Check Point Connectra End Point Security Bypass
Jan 24, 2007 1:30AM PST

Summary
Check Point Connectra is "a complete Web Security Gateway that provides SSL VPN access and comprehensive endpoint and integrated intrusion prevention. Security in a single unified remote access solution. By combining both SSL VPN connectivity and security in one solution, organizations can effectively deploy SSL VPNs Safely and securely to a diverse set of remote users while ensuring the confidentiality and integrity of information that is critical to the success of any business".

A vulnerability in the way Check Point's Connectra verifies whether the client has passed the required policy or not has been found to be weak enough for a malicious attacker to make the Connectra product think the client has passed the required policy even if he has not.

Credit:
The information has been provided by Roni Bachar.

http://www.securiteam.com/securitynews/5JP0P15KAI.html

IPv6 Routing Header Vulnerability
Jan 24, 2007 1:31AM PST

Summary
Processing a specially crafted IPv6 Type 0 Routing header can crash a device running Cisco IOS software. This vulnerability does not affect IPv6 Type 2 Routing header which is used in mobile IPv6. IPv6 is not enabled by default in Cisco IOS.

Cisco has made free software available to address this vulnerability for affected customers.

There are workarounds available to mitigate the effects of the vulnerability. The workaround depends on whether Mobile IPv6 is used and which version of Cisco IOS is currently in use.

This vulnerability was initially reported by a customer, and a further trigger vector was discovered while developing the fix for this vulnerability.

Credit:
The information has been provided by Cisco Systems Product Security Incident Response Team.
The original article can be found at: http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml

http://www.securiteam.com/securitynews/5KP0Q15KAA.html

Gentoo update for openldap
Jan 24, 2007 3:38AM PST

TITLE:
Gentoo update for openldap

SECUNIA ADVISORY ID:
SA23881

VERIFY ADVISORY:
http://secunia.com/advisories/23881/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
Gentoo Linux 1.x
http://secunia.com/product/339/

DESCRIPTION:
Gentoo has issued an update for openldap. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.

The vulnerability is caused due to the "gencert.sh" script using
temporary files insecurely during the emerge process. This can be
exploited via symlink attacks to overwrite arbitrary files with the
privileges of the user running the emerge process.

SOLUTION:
Update to the latest version of "net-nds/openldap".

ORIGINAL ADVISORY:
http://www.gentoo.org/security/en/glsa/glsa-200701-19.xml

CDBurnerXP Pro NCTAudioFile2 ActiveX Control Buffer Overflow
Jan 24, 2007 3:40AM PST

TITLE:
CDBurnerXP Pro NCTAudioFile2 ActiveX Control Buffer Overflow

SECUNIA ADVISORY ID:
SA23535

VERIFY ADVISORY:
http://secunia.com/advisories/23535/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
CDBurnerXP Pro 2.x
http://secunia.com/product/8312/
CDBurnerXP Pro 3.x
http://secunia.com/product/5927/

DESCRIPTION:
Secunia Research has discovered a vulnerability in CDBurnerXP Pro,
which can be exploited by malicious people to compromise a user's
system.

For more information:
SA23475

The vulnerability is confirmed in version 3.0.116. Other versions may
also be affected.

SOLUTION:
Set the kill-bit for the ActiveX control.

Use another product.

PROVIDED AND/OR DISCOVERED BY:
Carsten Eiram, Secunia Research.

ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2007-11/

OTHER REFERENCES:
SA23475:
http://secunia.com/advisories/23475/