Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - June 11, 2007

by Marianna Schmudlach / June 11, 2007 1:40 AM PDT

CA BrightStor ARCserve Backup for Laptops and Desktops Code Execution Issues

Advisory ID : FrSIRT/ADV-2007-2121
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-11

Technical Description

Multiple vulnerabilities have been identified in CA BrightStor ARCserve Backup for Laptops and Desktops, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system. These issues are caused by unspecified memory corruption errors when processing malformed requests, which could be exploited by remote unauthenticated attackers to crash a vulnerable application or execute arbitrary code with SYSTEM privileges.

Affected Products

CA BrightStor ARCserve Backup for Laptops and Desktops r11.1

Solution

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/2121
http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/bsabld-securitynotice.asp
http://research.eeye.com/html/advisories/upcoming/20070604.html

Credits

Vulnerabilities reported by eEye Digital Security.

Webmin "pam_login.cgi" Multiple Parameter Handling Cross Sit
by Marianna Schmudlach / June 11, 2007 1:42 AM PDT

Webmin "pam_login.cgi" Multiple Parameter Handling Cross Site Scripting Vulnerability

Advisory ID : FrSIRT/ADV-2007-2117
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-11

Technical Description

A vulnerability has been identified in Webmin, which could be exploited by attackers to execute arbitrary scripting code. This issue is caused by input validation errors in the "pam_login.cgi" script when processing the "cid", "message" and "question" parameters, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.

Affected Products

Webmin version 1.340 and prior

Solution

Upgrade to Webmin version 1.350 :
http://www.webmin.com/download.html

References

http://www.frsirt.com/english/advisories/2007/2117
http://www.webmin.com/changes-1.350.html

Credits

Vulnerability reported by the vendor.

Novell Modular Authentication Service NMASINST Information D
by Marianna Schmudlach / June 11, 2007 1:43 AM PDT

Novell Modular Authentication Service NMASINST Information Disclosure Vulnerability

Advisory ID : FrSIRT/ADV-2007-2118
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-06-11

Technical Description

A vulnerability has been identified in Novell Modular Authentication Service (NMAS), which could be exploited by malicious users to gain knowledge of sensitive information. This issue is caused by an error in the NMASINST utility that dumps the command line including the admin account and password to the "SYS:/ETC/NMAS/NMASINST.LOG" file on NetWare, which could be exploited by local attackers to disclose the administrative password.

Affected Products

Novell Modular Authentication Service (NMAS) version 3.1.2 and prior (on NetWare)

Solution

Upgrade to NMAS version 3.1.3 (available in Security Services 2.0.4) :
http://download.novell.com/Download?buildid=ttXNAk5nEeg~

References

http://www.frsirt.com/english/advisories/2007/2118
https://secure-support.novell.com/KanisaPlatform/Publishing/249/3260550_f.SAL_Public.html

Credits

Vulnerability reported by the vendor.

Sun Solaris sshd Protocol Version 1 Implementation Denial of
by Marianna Schmudlach / June 11, 2007 1:44 AM PDT

Sun Solaris sshd Protocol Version 1 Implementation Denial of Service Vulnerability

Advisory ID : FrSIRT/ADV-2007-2119
CVE ID : CVE-2006-4924
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-11

Technical Description

A vulnerability has been identified in Sun Solaris, which could be exploited by remote attackers to cause a denial of service. This issue is caused by an error in sshd. For additional information, see : FrSIRT/ADV-2006-3777

Affected Products

Sun Solaris 9
Sun Solaris 10

Solution

Disable version 1 of the protocol :
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102962-1

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/2119
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102962-1

Sun Solaris scp Command Handling Local Privilege Escalation
by Marianna Schmudlach / June 11, 2007 1:45 AM PDT

Sun Solaris scp Command Handling Local Privilege Escalation Vulnerability

Advisory ID : FrSIRT/ADV-2007-2120
CVE ID : CVE-2006-0225
Rated as : Low Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-06-11

Technical Description

A vulnerability has been identified in Sun Solaris, which could be exploited by malicious users to execute arbitrary code with elevated privileges. This issue is caused by an error in scp. For additional information, see : FrSIRT/ADV-2006-0306

Affected Products

Sun Solaris 9
Sun Solaris 10

Solution

A final resolution is pending completion.

References

http://www.frsirt.com/english/advisories/2007/2120
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102961-1

MySQL Security Update Fixes Restrictions Bypass and Library
by Marianna Schmudlach / June 11, 2007 1:47 AM PDT

MySQL Security Update Fixes Restrictions Bypass and Library Loading Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-2122
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-11

Technical Description

Two vulnerabilities have been identified in MySQL, which could be exploited by malicious users to bypass security restrictions, manipulate certain data or potentially obtain elevated privileges.

The first issue is caused by an error in the "mysql_update()" [sql/sql_update.cc] function that does not properly validate user privileges when using a view, which could be exploited by a malicious user to gain UPDATE privileges on arbitrary tables.

The second vulnerability is caused by errors in the "udf_init()" and "mysql_create_function()" [sql/sql_udf.cc] functions that do not properly validate library paths, which could be exploited by malicious users to load arbitrary libraries.

Affected Products

MySQL versions prior to 5.0.42
MySQL versions prior to 5.1.19

Solution

Upgrade to MySQL version 5.0.42 or 5.1.19 :
http://dev.mysql.com/downloads/

References

http://www.frsirt.com/english/advisories/2007/2122
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-19.html
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-42.html
http://bugs.mysql.com/bug.php?id=27878
http://bugs.mysql.com/bug.php?id=28341

Credits

Vulnerabilities reported by Phil Anderton and Brian Aker.

Packeteer PacketShaper Web Management DoS
by Marianna Schmudlach / June 11, 2007 1:49 AM PDT

Summary
Packeteer PacketShaper's web management interface has been found to contain a vulnerability where a read-only access user to the system can cause it to hang by sending it a malformed request.

Credit:
The information has been provided by nnposter.

http://www.securiteam.com/unixfocus/5YP0D0ALPS.html

SuSE Security Update Fixes ClamAV Multiple Remote Denial of
by Marianna Schmudlach / June 11, 2007 2:06 AM PDT

SuSE Security Update Fixes ClamAV Multiple Remote Denial of Service Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-2107
CVE ID : CVE-2007-2650 - CVE-2007-3023 - CVE-2007-3024
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-11

Technical Description

Multiple vulnerabilities have been identified in SuSE, which could be exploited by attackers to cause a denial of service. These issues are caused by errors in ClamAV. For additional information, see : FrSIRT/ADV-2007-1776

Affected Products

SUSE LINUX 10.0
SUSE LINUX 10.1
openSUSE 10.2
SUSE SLES 9
Open Enterprise Server
Novell Linux POS 9

Solution

Upgrade the affected package :
ftp://ftp.suse.com/pub/suse/update/

References

http://www.frsirt.com/english/advisories/2007/2107
http://lists.suse.com/archive/suse-security-announce/2007-Jun/0002.html

Mandriva Security Update Fixes Libexif "exif_data_load_data_
by Marianna Schmudlach / June 11, 2007 2:07 AM PDT

Mandriva Security Update Fixes Libexif "exif_data_load_data_entry()" Integer Overflow

Advisory ID : FrSIRT/ADV-2007-2108
CVE ID : CVE-2007-2645
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-11

Technical Description

A vulnerability has been identified in Mandriva, which could be exploited by attackers to execute arbitrary code. This issue is caused by an error in Libexif. For additional information, see : FrSIRT/ADV-2007-1761

Affected Products

Mandriva Linux 2007.0
Mandriva Linux 2007.1
Mandriva Corporate 3.0
Mandriva Corporate 4.0

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/2108
http://archives.mandrivalinux.com/security-announce/2007-06/msg00009.php

rPath Security Update Fixes GD Graphics Library Denial of Se
by Marianna Schmudlach / June 11, 2007 2:08 AM PDT

rPath Security Update Fixes GD Graphics Library Denial of Service Vulnerability

Advisory ID : FrSIRT/ADV-2007-2109
CVE ID : CVE-2007-2756
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-11

Technical Description

A vulnerability has been identified in rPath, which could be exploited by attackers to cause a denial of service. This issue is caused by an error in gd. For additional information, see : FrSIRT/ADV-2007-1904

Affected Products

rPath Linux 1

Solution

Upgrade the affected packages :
gd=/conary.rpath.com at rpl:devel//1/2.0.33-4.4-1
php=/conary.rpath.com at rpl:devel//1/4.3.11-15.11-1
php-mysql=/conary.rpath.com at rpl:devel//1/4.3.11-15.11-1
php-pgsql=/conary.rpath.com at rpl:devel//1/4.3.11-15.11-1

References

http://www.frsirt.com/english/advisories/2007/2109
http://lists.rpath.com/pipermail/security-announce/2007-June/000196.html

Ubuntu Security Update Fixes Kernel Security Bypass and Info
by Marianna Schmudlach / June 11, 2007 2:10 AM PDT

Ubuntu Security Update Fixes Kernel Security Bypass and Information Disclosure

Advisory ID : FrSIRT/ADV-2007-2110
CVE ID : CVE-2007-1353 - CVE-2007-2451 - CVE-2007-2453
Rated as : Low Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-06-11

Technical Description

Multiple vulnerabilities have been identified in Ubuntu, which could be exploited by attackers to bypass security restrictions or disclose sensitive information. These issues are caused by errors in Kernel. For additional information, see : FrSIRT/ADV-2007-1495 - FrSIRT/ADV-2007-1987 - FrSIRT/ADV-2007-2105

Affected Products

Ubuntu 7.04

Solution

Upgrade the affected packages :
http://www.ubuntu.com/usn/usn-470-1

References

http://www.frsirt.com/english/advisories/2007/2110
http://www.ubuntu.com/usn/usn-470-1

Debian Security Update Fixes GIMP Sunras Plugin Command Exec
by Marianna Schmudlach / June 11, 2007 2:11 AM PDT

Debian Security Update Fixes GIMP Sunras Plugin Command Execution Vulnerability

Advisory ID : FrSIRT/ADV-2007-2111
CVE ID : CVE-2007-2356
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-11

Technical Description

A vulnerability has been identified in Debian, which could be exploited by attackers to execute arbitrary code. This issue is caused by an error in GIMP. For additional information, see : FrSIRT/ADV-2007-1560

Affected Products

Debian GNU/Linux etch
Debian GNU/Linux sarge
Debian GNU/Linux sid
Debian GNU/Linux lenny

Solution

Debian GNU/Linux etch - Upgrade to version 2.2.13-1etch1
Debian GNU/Linux sarge - Upgrade to version 2.2.6-1sarge2
Debian GNU/Linux sid - Upgrade to version 2.2.14-2
Debian GNU/Linux lenny - Upgrade to version 2.2.14-2

References

http://www.frsirt.com/english/advisories/2007/2111
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00061.html

Debian Security Update Fixes FreeType "TT_Load_Simple_Glyph(
by Marianna Schmudlach / June 11, 2007 2:12 AM PDT

Debian Security Update Fixes FreeType "TT_Load_Simple_Glyph()" Integer Overflow

Advisory ID : FrSIRT/ADV-2007-2112
CVE ID : CVE-2007-2754
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-11

Technical Description

A vulnerability has been identified in Debian, which could be exploited by attackers to execute arbitrary code. This issue is caused by an error in FreeType. For additional information, see : FrSIRT/ADV-2007-1894

Affected Products

Debian GNU/Linux etch
Debian GNU/Linux sid

Solution

Debian GNU/Linux etch - Upgrade to version 2.2.1-5+etch1
Debian GNU/Linux sid - Upgrade to version 2.2.1-6

References

http://www.frsirt.com/english/advisories/2007/2112
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00063.html

Debian Security Update Fixes Lighttpd Multiple Remote Denial
by Marianna Schmudlach / June 11, 2007 2:13 AM PDT

Advisory ID : FrSIRT/ADV-2007-2113
CVE ID : CVE-2007-1869 - CVE-2007-1870
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-11

Technical Description

Multiple vulnerabilities have been identified in Debian, which could be exploited by remote attackers to cause a denial of service. These issues are caused by errors in Lighttpd. For additional information, see : FrSIRT/ADV-2007-1399

Affected Products

Debian GNU/Linux etch
Debian GNU/Linux sid

Solution

Debian GNU/Linux etch - Upgrade to version 1.4.13-4etch1
Debian GNU/Linux sid - Upgrade to version 1.4.14-1

References

http://www.frsirt.com/english/advisories/2007/2113
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00062.html

OpenPKG Security Update Fixes WordPress XML-RPC SQL Injectio
by Marianna Schmudlach / June 11, 2007 2:15 AM PDT

OpenPKG Security Update Fixes WordPress XML-RPC SQL Injection Vulnerability

Advisory ID : FrSIRT/ADV-2007-2114
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-11

Technical Description

A vulnerability has been identified in OpenPKG, which could be exploited by malicious users to execute arbitrary SQL queries. This issue is caused by an error in WordPress. For additional information, see : FrSIRT/ADV-2007-2099

Affected Products

OpenPKG Community CURRENT

Solution

Upgrade the affected package :
http://www.openpkg.org/product/packages/?package=wordpress

References

http://www.frsirt.com/english/advisories/2007/2114
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.021.html

Fedora Security Update Fixes BIND "query_addsoa()" Denial of
by Marianna Schmudlach / June 11, 2007 2:16 AM PDT

Fedora Security Update Fixes BIND "query_addsoa()" Denial of Service Vulnerability

Advisory ID : FrSIRT/ADV-2007-2115
CVE ID : CVE-2007-2241
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-11

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by remote attackers to cause a denial of service. This issue is caused by an error in BIND. For additional information, see : FrSIRT/ADV-2007-1593

Affected Products

Fedora 7

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/2115
https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00109.html

Fedora Security Update Fixes Apache Mod_perl Remote Denial o
by Marianna Schmudlach / June 11, 2007 2:17 AM PDT

Fedora Security Update Fixes Apache Mod_perl Remote Denial of Service Vulnerability

Advisory ID : FrSIRT/ADV-2007-2116
CVE ID : CVE-2007-1349
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-11

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by attackers to cause a denial of service. This issue is caused by an error in mod_perl. For additional information, see : FrSIRT/ADV-2007-1150

Affected Products

Fedora 7

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/2116
https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00135.html

Redhat Security Update Fixes FreeType "TT_Load_Simple_Glyph(
by Marianna Schmudlach / June 11, 2007 2:20 AM PDT

Redhat Security Update Fixes FreeType "TT_Load_Simple_Glyph()" Integer Overflow


Advisory ID : FrSIRT/ADV-2007-2125
CVE ID : CVE-2007-2754
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-11

Technical Description

A vulnerability has been identified in Redhat, which could be exploited by attackers to execute arbitrary code. This issue is caused by an error in FreeType. For additional information, see : FrSIRT/ADV-2007-1894

Affected Products

RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 (Itanium)

Solution

Upgrade the affected packages :
http://rhn.redhat.com/

References

http://www.frsirt.com/english/advisories/2007/2125
http://rhn.redhat.com/errata/RHSA-2007-0403.html

Link Request Contact Form PHP File Upload
by Marianna Schmudlach / June 11, 2007 2:44 AM PDT

Secunia Advisory: SA25614
Release Date: 2007-06-11

Critical: Highly critical

Impact: System access

Where: From remote

Solution Status: Unpatched

Software: Link Request Contact Form 3.x

Description:
CorryL has discovered a vulnerability in Link Request Contact Form, which can be exploited by malicious people to compromise a vulnerable system.

The output.php script fails to validate the extension of an uploaded file. This can be exploited to upload files with the ".php" extension and execute arbitrary PHP code on the server.

Successful exploitation requires passing an allowed MIME media type in the HTTP headers.

The vulnerability is confirmed in version 3.4. Other versions may also be affected.

Solution:
Restrict access to the uploads/ directory (e.g. with ".htaccess").

Provided and/or discovered by:
CorryL

Original Advisory:
http://corryl.altervista.org/index.php?mod=read&id=1181469701

SafeNet Products "IPSecDrv.sys" IPv6 Support Denial of Servi
by Marianna Schmudlach / June 11, 2007 2:52 AM PDT

TITLE:
SafeNet Products "IPSecDrv.sys" IPv6 Support Denial of Service

SECUNIA ADVISORY ID:
SA25574

VERIFY ADVISORY:
http://secunia.com/advisories/25574/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
SafeNet SoftRemote 9.x
http://secunia.com/product/9097/
SafeNet HighAssurance Remote 1.x
http://secunia.com/product/14465/

DESCRIPTION:
mu-b has reported a vulnerability in some SafeNet products, which can
be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the IPv6 support
in "IPSecDrv.sys" and can be exploited to cause an infinite loop via
a specially crafted packet.

The vulnerability is reported in SafeNet HighAssurance Remote version
1.4.0 and SafeNet SoftRemote.

SOLUTION:
Filter invalid packets using e.g. a firewall.

PROVIDED AND/OR DISCOVERED BY:
mu-b

ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063859.html

ERFAN WIKI "title" Cross-Site Scripting
by Marianna Schmudlach / June 11, 2007 2:53 AM PDT

TITLE:
ERFAN WIKI "title" Cross-Site Scripting

SECUNIA ADVISORY ID:
SA25586

VERIFY ADVISORY:
http://secunia.com/advisories/25586/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

SOFTWARE:
ERFAN WIKI 1.x
http://secunia.com/product/14468/

DESCRIPTION:
A vulnerability has been discovered in ERFAN WIKI, which can be
exploited by malicious people to conduct cross-site scripting
attacks.

Input passed to the "title" parameter in index.php is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of an affected site.

The vulnerability is confirmed in version 1.00 July2006. Other
versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
John Martinelli and an anonymous person

Mail Notification "WITH_SSL" Plaintext Password Security Iss
by Marianna Schmudlach / June 11, 2007 2:55 AM PDT

TITLE:
Mail Notification "WITH_SSL" Plaintext Password Security Issue

SECUNIA ADVISORY ID:
SA25600

VERIFY ADVISORY:
http://secunia.com/advisories/25600/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information

WHERE:
From remote

SOFTWARE:
Mail Notification 4.x
http://secunia.com/product/14467/

DESCRIPTION:
Ted Percival has reported a security issue in Mail Notification,
which can be exploited by malicious people to disclose potentially
sensitive information.

If Mail Notification is compiled with "WITH_SSL" defined as 0, it's
silently using unencrypted connections for an account configured with
SSL/TLS. This can be exploited to disclose the password of a user by
e.g. sniffing network traffic.

The vulnerability is reported in version 4.0. Other versions may also
be affected.

SOLUTION:
Compile Mail Notification with SSL support.

PROVIDED AND/OR DISCOVERED BY:
Ted Percival

ORIGINAL ADVISORY:
https://savannah.nongnu.org/bugs/index.php?20131

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=428157

JFFNMS Multiple Vulnerabilities
by Marianna Schmudlach / June 11, 2007 2:56 AM PDT

TITLE:
JFFNMS Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA25587

VERIFY ADVISORY:
http://secunia.com/advisories/25587/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting, Manipulation of data, Exposure of system
information, Exposure of sensitive information

WHERE:
From remote

SOFTWARE:
JFFNMS 0.x
http://secunia.com/product/14470/

DESCRIPTION:
Some vulnerabilities have been reported in JFFNMS, which can be
exploited by malicious people to disclose sensitive information,
manipulate certain data, and conduct cross-site scripting and SQL
injection attacks.

1) Input passed to the "user" parameter in auth.php is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of an affected site.

2) Input passed to the "user" and "pass" parameters in auth.php is
not properly sanitised before being used in SQL queries. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

3) It is possible to view certain system information returned by the
"phpinfo()" function by accessing the admin/adm/test.php script
directly.

4) It is possible to view and modify configuration settings via the
"admin/setup.php" script.

The vulnerabilities are reported in version 0.8.3. Other versions may
also be affected.

SOLUTION:
Vulnerability #3 and the "user" parameter in vulnerability #2 have
been fixed in version 0.8.4-pre2. Grant only trusted users access to
the application.

PROVIDED AND/OR DISCOVERED BY:
Tim Brown and an anonymous person.

GeometriX Download Portal "id" SQL Injection
by Marianna Schmudlach / June 11, 2007 5:25 AM PDT

TITLE:
GeometriX Download Portal "id" SQL Injection

SECUNIA ADVISORY ID:
SA25576

VERIFY ADVISORY:
http://secunia.com/advisories/25576/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data

WHERE:
From remote

SOFTWARE:
GeometriX Download Portal
http://secunia.com/product/14466/

DESCRIPTION:
CyberGhost has reported a vulnerability in GeometriX Download Portal,
which can be exploited by malicious people to conduct SQL injection
attacks.

Input passed to the "id" parameter in down_indir.asp is not properly
sanitised before being used in SQL queries. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
CyberGhost

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/4057

e-Vision CMS Multiple Vulnerabilities
by Marianna Schmudlach / June 11, 2007 5:27 AM PDT

TITLE:
e-Vision CMS Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA25605

VERIFY ADVISORY:
http://secunia.com/advisories/25605/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data, Exposure of system information, Exposure of
sensitive information

WHERE:
From remote

SOFTWARE:
e-Vision CMS 2.x
http://secunia.com/product/14469/

DESCRIPTION:
Silentz has discovered some vulnerabilities in e-Vision CMS, which
can be exploited by malicious people to disclose sensitive
information or to conduct SQL injection attacks.

1) Input passed to the "img" parameter in admin/show_img.php is not
properly sanitised before being used to display files. This can be
exploited to display arbitrary files via directory traversal
attacks.

2) Input passed in the "adminlang" cookie to admin/functions.php is
not properly verified before being used to include files. This can be
exploited to include arbitrary files from local resources.

Successful exploitation of this vulnerability with arbitrary file
extensions requires that "magic_quotes_gpc" is disabled.

3) Input passed to the "template" parameter in style.php is not
properly sanitised before being used in SQL queries. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation of this vulnerability allows e.g. retrieving
administrator usernames and password hashes, but requires that
"magic_quotes_gpc" is disabled.

The vulnerabilities are confirmed in version 2.0.2. Other versions
may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised and
verified.

PROVIDED AND/OR DISCOVERED BY:
Silentz

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/4054

Cisco Trust Agent for Mac OS X Local Privilege Escalation Vu
by Marianna Schmudlach / June 11, 2007 3:07 PM PDT

Cisco Trust Agent for Mac OS X Local Privilege Escalation Vulnerability

Bugtraq ID: 24415
Class: Design Error
CVE:
Remote: No
Local: Yes
Published: Jun 11 2007 12:00AM
Updated: Jun 11 2007 12:00AM
Credit: Adam Blake of Deloitte, UK is credited with the discovery of this vulnerability.

Vulnerable: Cisco Trust Agent 2.1.103.0
Cisco Trust Agent 2.0
Cisco Trust Agent 1.0

Successfully exploiting this issue allows local users to gain superuser-level privileges on affected computers if it is exploited prior to an authorized user being authenticated. If exploited after an authorized user has been authenticated, attackers may gain user-level access to affected computers.

http://www.securityfocus.com/bid/24415/info
