Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - January 8, 2007

Omni Group OmniWeb Browser JavaScript "alert()" Remote Format String Vulnerability

A vulnerability has been identified in Omni Group OmniWeb browser, which could be exploited by remote attackers to crash a vulnerable browser or take complete control of an affected system. This issue is due to a format string error when processing a specially crafted JavaScript "alert()" function, which could be exploited by attackers to cause a denial of service or execute arbitrary commands by tricking a user into visiting a malicious Web page.

Affected Products

Omni Group OmniWeb version 5.5.1 and prior

Solution

Upgrade to OmniWeb version 5.5.2:
http://www.omnigroup.com/download/latest/OmniWeb.dmg

References

http://www.frsirt.com/english/advisories/2007/0075
http://projects.info-pull.com/moab/MOAB-07-01-2007.html

Apple Mac OS X DiskManagement BOM File Handling Privilege...

In reply to: VULNERABILITIES - January 8, 2007

Escalation Vulnerability

A vulnerability has been identified in Apple Mac OS X, which could be exploited by local attackers to obtain elevated privileges. This issue is due to an error in the DiskManagement framework when processing BOM files, which could be exploited by malicious users to execute arbitrary commands with elevated privileges via the "diskutil" tool.

Note: This issue is reportedly being exploited in the wild.

Affected Products

Apple Mac OS X version 10.4.8 and prior

Solution

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/0074
http://projects.info-pull.com/moab/MOAB-05-01-2007.html

Also a Secunia advisory with work-around

Mac OS X BOM Privilege Escalation Vulnerability
http://secunia.com/advisories/23653/

A vulnerability has been reported in Mac OS X, which can be exploited by malicious, local users to gain escalated privileges.

The problem is that permissions in BOM files are not properly validated and can be exploited to create new permissions on specified files and directories, or gain root privileges by creating a specially crafted BOM file and then running "diskutil repairPermissions /".

The vulnerability is reported in version 10.4.8. Other versions may also be affected.

Solution:
Remove the setuid bit from /System/Library/PrivateFrameworks/DiskManagement.framework/Resources/DiskManagementTool

Kerio Fake 'iphlpapi' DLL injection Vulnerability

In reply to: VULNERABILITIES - January 8, 2007

A vulnerability in Kerio allows local attackers to cause the product to load an arbitrary DLL, which in turn can be used to compromise the system.

Vulnerable software:
* Sunbelt Kerio Personal Firewall 4.3.268
* Sunbelt Kerio Personal Firewall 4.3.246
* probably all versions of Sunbelt Kerio Personal Firewall 4
* possibly older versions of Sunbelt Kerio Personal Firewall

When Sunbelt Kerio Personal Firewall (SKPF) loads dependent modules, it relies on the operating system. The system library iphlpapi.dll is located in the system directory, but the main SKPF service, which requires and loads this DLL, is located in the installation directory of SKPF. This is why it tries to find iphlpapi.dll in its installation directory first and then, if it is not found there, in the system directory. Moreover, it is possible to create new files in the installation directory of SKPF. A malicious application can create a fake iphlpapi.dll in the installation directory of SKPF, which will be loaded by the operating system into the SKPF service during its initialization. This is how the malicious application is able to execute arbitrary code inside the SKPF service and bypass any of its security mechanisms.

Events:
* 2006-01-05: Candidate for inclusion in the CVE list
* 2006-01-04: Vulnerability confirmed by popular information sources
* 2007-01-01: Advisory released
* 2006-08-12: Vendor notification

Credit:
The information has been provided by Matousec - Transparent security Research.
The original article can be found at: http://www.matousec.com/info/advisories/Kerio-Fake-iphlpapi-DLL-injection.php

Source: http://www.securiteam.com/windowsntfocus/5VP052AKAI.html

Sun Java System Content Delivery Server Content Details Disc

In reply to: VULNERABILITIES - January 8, 2007

Sun Java System Content Delivery Server Content Details Disclosure

TITLE:
Sun Java System Content Delivery Server Content Details Disclosure

SECUNIA ADVISORY ID:
SA23630

VERIFY ADVISORY:
http://secunia.com/advisories/23630/

CRITICAL:
Moderately critical

IMPACT:
Exposure of sensitive information

WHERE:
From remote

SOFTWARE:
Sun Java System Content Delivery Server 5.x
http://secunia.com/product/11684/

DESCRIPTION:
A vulnerability has been reported in Sun Java System Content Delivery
Server, which can be exploited by malicious people to disclose
sensitive information.

The vulnerability is caused due to an unspecified error and can be
exploited to disclose the details of protected contents. No further
information is available.

The vulnerability is reported in version 5.0 and 5.0 PU1 (for Solaris
9 and 10) without patch 5.0_2005Q4_IR3_P5. Other versions may also be
affected.

Note: Sun Java System Content Delivery Server version 4.0 and 4.1 are
reportedly not affected.

SOLUTION:
Apply patch 5.0_2005Q4_IR3_P6.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102764-1

Ubuntu update for avahi

In reply to: VULNERABILITIES - January 8, 2007

TITLE:
Ubuntu update for avahi

SECUNIA ADVISORY ID:
SA23673

VERIFY ADVISORY:
http://secunia.com/advisories/23673/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From local network

OPERATING SYSTEM:
Ubuntu Linux 6.10
http://secunia.com/product/12470/
Ubuntu Linux 6.06
http://secunia.com/product/10611/
Ubuntu Linux 5.10
http://secunia.com/product/6606/

DESCRIPTION:
Ubuntu has issued an update for avahi. This fixes some
vulnerabilities, which can be exploited by malicious people to cause
a DoS (Denial of Service).

For more information:
SA23660

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.ubuntu.com/usn/usn-402-1

OTHER REFERENCES:
SA23660:
http://secunia.com/advisories/23660/

Fedora update for avahi

In reply to: VULNERABILITIES - January 8, 2007

TITLE:
Fedora update for avahi

SECUNIA ADVISORY ID:
SA23628

VERIFY ADVISORY:
http://secunia.com/advisories/23628/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From local network

OPERATING SYSTEM:
Fedora Core 5
http://secunia.com/product/8808/

DESCRIPTION:
Fedora has issued an update for avahi. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

For more information:
SA23660

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://fedoranews.org/cms/node/2362

OTHER REFERENCES:
SA23660:
http://secunia.com/advisories/23660/

Cisco Secure ACS Multiple Vulnerabilities

In reply to: VULNERABILITIES - January 8, 2007

TITLE:
Cisco Secure ACS Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA23629

VERIFY ADVISORY:
http://secunia.com/advisories/23629/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Cisco Secure ACS Solution Engine 3.x
http://secunia.com/product/4206/

SOFTWARE:
Cisco Secure ACS 3.x
http://secunia.com/product/679/
Cisco Secure ACS 4.x
http://secunia.com/product/10635/

DESCRIPTION:
Some vulnerabilities have been reported in Cisco Secure ACS, which
can be exploited by malicious users or people to cause a DoS (Denial
of Service) or to compromise a vulnerable system.

1) An unspecified error within the CSAdmin service when processing
HTTP GET requests can be exploited to cause a stack-based buffer
overflow via a specially crafted HTTP GET request.

Successful exploitation allows execution of arbitrary code.

2) An unspecified error within the CSRadius service when processing
RADIUS Accounting-Request packets can be exploited to cause a
stack-based buffer overflow via a specially crafted RADIUS
Accounting-Request packet.

Successful exploitation allows execution of arbitrary code.

3) Unspecified errors within the CSRadius service when processing
RADIUS Access-Request packets can be exploited to crash the service
via a specially crafted RADIUS Access-Request packet.

The vulnerabilities are reported in versions prior to 4.1. Other
versions may also be affected.

Note: The following products are reportedly not affected:
* Cisco Secure ACS for Unix (CSU).
* Cisco CNS Access Registrar (CAR).
* Cisco Secure ACS server for Windows version 4.1(X) or later.
* Cisco Secure ACS server solution Engine version 4.1(X) or later.

SOLUTION:
Apply patches.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits CESG's Vulnerability Research Group and National
Infrastructure Security Co-ordination Centre (NISCC).

ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml

Avahi "consume_labels()" Denial of Service Vulnerability

In reply to: VULNERABILITIES - January 8, 2007

TITLE:
Avahi "consume_labels()" Denial of Service Vulnerability

SECUNIA ADVISORY ID:
SA23660

VERIFY ADVISORY:
http://secunia.com/advisories/23660/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From local network

SOFTWARE:
Avahi 0.x
http://secunia.com/product/9784/

DESCRIPTION:
A vulnerability has been reported in Avahi, which can be exploited by
malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the
"consume_labels()" function in avahi-core/dns.c when handling
compressed packets. This can be exploited to cause an endless loop by
sending specially crafted packets with compression labels that refer
to each other.

The vulnerability is reported in versions prior to Avahi 0.6.16.

SOLUTION:
Update to version 0.6.16.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://www.avahi.org/ticket/84

http://www.avahi.org/#December2006
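
The failure mode described in the Avahi advisory above, as an added example (not Avahi's code and not part of the original post): a DNS name reader that caps how many compression pointers it follows, so labels that point at each other are rejected instead of looping forever. The names `read_name` and `MAX_JUMPS`, the cap of 16, and the sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_JUMPS 16   /* assumed cap; any small constant bounds the loop */

/* Decode the DNS name at pkt[off] into out as dotted text. Returns 0 on
 * success, -1 on truncation, reserved label type, oversize name, or too
 * many compression pointers. */
int read_name(const uint8_t *pkt, size_t len, size_t off,
              char *out, size_t out_len)
{
    size_t used = 0;
    int jumps = 0;
    for (;;) {
        if (off >= len)
            return -1;
        uint8_t n = pkt[off];
        if ((n & 0xC0) == 0xC0) {            /* compression pointer */
            if (off + 1 >= len || ++jumps > MAX_JUMPS)
                return -1;                   /* truncated or looping */
            off = ((size_t)(n & 0x3F) << 8) | pkt[off + 1];
            continue;
        }
        if (n & 0xC0)                        /* 01 and 10 prefixes are reserved */
            return -1;
        if (n == 0) {                        /* root label ends the name */
            if (used >= out_len)
                return -1;
            out[used] = '\0';
            return 0;
        }
        if (off + 1 + n > len || used + n + 2 > out_len)
            return -1;                       /* label overruns packet or buffer */
        if (used)
            out[used++] = '.';
        memcpy(out + used, pkt + off + 1, n);
        used += n;
        off += 1 + (size_t)n;
    }
}

/* Constructed sample packets, not captured traffic. */
static const uint8_t ok_pkt[]   = { 5,'l','o','c','a','l',0, 4,'h','o','s','t',0xC0,0x00 };
static const uint8_t loop_pkt[] = { 0xC0,0x02, 0xC0,0x00 };  /* 0 -> 2 -> 0 -> ... */

int main(void) {
    char b[64];
    return !(read_name(ok_pkt, sizeof ok_pkt, 7, b, sizeof b) == 0 &&
             read_name(loop_pkt, sizeof loop_pkt, 0, b, sizeof b) == -1);
}
```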

Novell Access Manager Identity Server "IssueInstant" Cross S

In reply to: VULNERABILITIES - January 8, 2007

Novell Access Manager Identity Server "IssueInstant" Cross Site Scripting Vulnerability

Advisory ID : FrSIRT/ADV-2007-0073
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-08

Technical Description

A vulnerability has been identified in Novell Access Manager Identity Server, which could be exploited by attackers to execute arbitrary scripting code. This issue is due to an input validation error in the "nidp/idff/sso" script when handling the "IssueInstant" parameter, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected application.

Affected Products

Novell Access Management 3

Solution

Apply the Identity server builds 3.0.0-1013 shipped with Access Manager SP1 IR1:
http://download.novell.com/index.jsp?sourceidint=hdr_download

References

http://www.frsirt.com/english/advisories/2007/0073
https://secure-support.novell.com/KanisaPlatform/Publishing/143/3615264_f.SAL_Public.html

Credits

Vulnerability reported by the vendor

Debian Security Update Fixes ProFTPD "mod_radius" Denial of

In reply to: VULNERABILITIES - January 8, 2007

Debian Security Update Fixes ProFTPD "mod_radius" Denial of Service Vulnerability

Advisory ID : FrSIRT/ADV-2007-0069
CVE ID : CVE-2005-4816
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-08

Debian has released security updates to address a vulnerability identified in ProFTPD. This issue is due to an error in the "radius_add_passwd()" function within "mod_radius", which could be exploited by attackers to crash an affected application or potentially execute arbitrary commands by supplying an overly long password.

Affected Products

Debian GNU/Linux stable (sarge)
Debian GNU/Linux unstable (sid)
Debian GNU/Linux testing (etch)

Solution

Debian GNU/Linux stable (sarge) - Upgrade to version 1.2.10-15sarge4
Debian GNU/Linux unstable (sid) - Upgrade to version 1.2.10+1.3.0rc5-1
Debian GNU/Linux testing (etch) - Upgrade to version 1.2.10+1.3.0rc5-1

References

http://www.frsirt.com/english/advisories/2007/0069
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00000.html

Trustix Security Update Fixes Kernel Memory Corruption and D

In reply to: VULNERABILITIES - January 8, 2007

Trustix Security Update Fixes Kernel Memory Corruption and Denial of Service Issues

Advisory ID : FrSIRT/ADV-2007-0070
CVE ID : CVE-2006-4814 - CVE-2006-5749 - CVE-2006-6106
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-08

Trustix has released security updates to address multiple vulnerabilities identified in Kernel. These issues could be exploited by attackers to cause a denial of service or execute arbitrary commands. For additional information, see: FrSIRT/ADV-2006-5082 - FrSIRT/ADV-2006-5037

Affected Products

Trustix Secure Linux 2.2

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/0070
http://lists.trustix.org/pipermail/tsl-announce/2007-January/000454.html
