Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - March 13, 2007

by Marianna Schmudlach / March 13, 2007 1:50 AM PDT

xine-lib Two Buffer Overflow Vulnerabilities

SECUNIA ADVISORY ID:
SA24443

VERIFY ADVISORY:
http://secunia.com/advisories/24443/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
From remote

SOFTWARE:
xine-lib 1.x
http://secunia.com/product/3410/

DESCRIPTION:
Some vulnerabilities have been reported in xine-lib, which can
potentially be exploited by malicious people to compromise a user's
system.

The vulnerabilities are caused due to boundary errors in the
"DMO_VideoDecoder_Open()" function in
src/libw32dll/dmo/DMO_VideoDecoder.c and in the
"DS_VideoDecoder_Open()" function in
src/libw32dll/DirectShow/DS_VideoDecoder.c. These can be exploited to
cause heap based buffer overflows and may allow execution of arbitrary
code via a specially crafted media file.

These are related to:
SA24444

SOLUTION:
Do not open media files from untrusted sources.

PROVIDED AND/OR DISCOVERED BY:
Originally reported in mplayer by Moritz Jodeit.

OTHER REFERENCES:
SA24444:
http://secunia.com/advisories/24444

HP-UX update for JRE / JDK
by Marianna Schmudlach / March 13, 2007 1:52 AM PDT

TITLE:
HP-UX update for JRE / JDK

SECUNIA ADVISORY ID:
SA24468

VERIFY ADVISORY:
http://secunia.com/advisories/24468/

CRITICAL:
Highly critical

IMPACT:
Privilege escalation, System access

WHERE:
From remote

OPERATING SYSTEM:
HP-UX 11.x
http://secunia.com/product/138/

DESCRIPTION:
HP has issued an update for JRE / JDK. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.

For more information:
SA23445
SA23757

SOLUTION:
Apply updated packages.
http://www.hp.com/go/java

Java 1.5.0.00.00:
Update to revision 1.5.0.06 or subsequent.

Java 1.4.2.11 and earlier:
Update to revision 1.4.2.12 or subsequent.

Java 1.3.1.19 or earlier:
Update to revision 1.3.1.20 or subsequent.

ORIGINAL ADVISORY:
HPSBUX02196 SSRT071318
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00876579

OTHER REFERENCES:
SA23445:
http://secunia.com/advisories/23445/

SA23757:
http://secunia.com/advisories/23757/

Ubuntu update for xine-lib
by Marianna Schmudlach / March 13, 2007 1:53 AM PDT

TITLE:
Ubuntu update for xine-lib

SECUNIA ADVISORY ID:
SA24462

VERIFY ADVISORY:
http://secunia.com/advisories/24462/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Ubuntu Linux 5.10
http://secunia.com/product/6606/
Ubuntu Linux 6.06
http://secunia.com/product/10611/
Ubuntu Linux 6.10
http://secunia.com/product/12470/

DESCRIPTION:
Ubuntu has issued an update for xine-lib. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

For more information:
SA24443

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.ubuntu.com/usn/usn-433-1
http://www.ubuntu.com/usn/usn-435-1

OTHER REFERENCES:
SA24443:
http://secunia.com/advisories/24443

Ubuntu update for ktorrent
by Marianna Schmudlach / March 13, 2007 1:54 AM PDT

TITLE:
Ubuntu update for ktorrent

SECUNIA ADVISORY ID:
SA24459

VERIFY ADVISORY:
http://secunia.com/advisories/24459/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data, System access

WHERE:
From remote

OPERATING SYSTEM:
Ubuntu Linux 6.10
http://secunia.com/product/12470/
Ubuntu Linux 6.06
http://secunia.com/product/10611/

DESCRIPTION:
Ubuntu has issued an update for ktorrent. This fixes some
vulnerabilities, which can be exploited by malicious people to
overwrite arbitrary files on a user's system or to potentially
compromise a user's system.

For more information:
SA24486

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.ubuntu.com/usn/usn-436-1

OTHER REFERENCES:
SA24486:
http://secunia.com/advisories/24486/

MPlayer Two Buffer Overflow Vulnerabilities
by Marianna Schmudlach / March 13, 2007 1:56 AM PDT

TITLE:
MPlayer Two Buffer Overflow Vulnerabilities

SECUNIA ADVISORY ID:
SA24444

VERIFY ADVISORY:
http://secunia.com/advisories/24444/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
From remote

SOFTWARE:
MPlayer 1.x
http://secunia.com/product/2255/

DESCRIPTION:
Some vulnerabilities have been reported in MPlayer, which can
potentially be exploited by malicious people to compromise a
vulnerable system.

The vulnerabilities are caused due to boundary errors in the
"DMO_VideoDecoder_Open()" function in loader/dmo/DMO_VideoDecoder.c
and in the "DS_VideoDecoder_Open()" function in
loader/dshow/DS_VideoDecoder.c. These can be exploited to cause
heap-based buffer overflows and may allow execution of arbitrary code
via a specially crafted media file.

The vulnerabilities are reported in version 1.0rc1. Other versions
may also be affected.

SOLUTION:
The vulnerabilities are fixed in the SVN repository.

Do not open media files from untrusted sources.

PROVIDED AND/OR DISCOVERED BY:
Moritz Jodeit

ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052738.html

Fedora update for gnupg
by Marianna Schmudlach / March 13, 2007 1:58 AM PDT

TITLE:
Fedora update for gnupg

SECUNIA ADVISORY ID:
SA24489

VERIFY ADVISORY:
http://secunia.com/advisories/24489/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass

WHERE:
From remote

OPERATING SYSTEM:
Fedora Core 6
http://secunia.com/product/12487/
Fedora Core 5
http://secunia.com/product/8808/

DESCRIPTION:
Fedora has issued an update for gnupg. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions when applications use GnuPG in an insecure manner.

For more information:
SA24412

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://fedoranews.org/cms/node/2775
http://fedoranews.org/cms/node/2774

OTHER REFERENCES:
SA24365:
http://secunia.com/advisories/24365/

WordPress "wp_title()" and "single_month_title()" Cross Site
by Marianna Schmudlach / March 13, 2007 5:13 AM PDT

WordPress "wp_title()" and "single_month_title()" Cross Site Scripting Vulnerability

Advisory ID : FrSIRT/ADV-2007-0911
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-03-13

Technical Description

A vulnerability has been identified in WordPress, which could be exploited by attackers to execute arbitrary scripting code. This issue is due to input validation errors in the "wp_title()" and "single_month_title()" [wp-includes/general-template.php] functions when processing certain parameters (e.g. "year"), which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.

Affected Products

WordPress versions 2.x

Solution

A fix is available via CVS :
http://trac.wordpress.org/changeset/5003

References

http://www.frsirt.com/english/advisories/2007/0911
http://chxsecurity.org/advisories/adv-1-mid.txt

Credits

Vulnerabilities reported by g30rg3_x

Netperf "netperf.debug" Insecure Temporary File Creation Vul
by Marianna Schmudlach / March 13, 2007 5:15 AM PDT

Netperf "netperf.debug" Insecure Temporary File Creation Vulnerability

Advisory ID : FrSIRT/ADV-2007-0912
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-03-13

Technical Description

A vulnerability has been identified in Netperf, which could be exploited by local attackers to bypass security restrictions. This issue is due to an error in the "netserver" start script that creates the "/tmp/netperf.debug" file in an insecure manner, which could allow malicious users to conduct symlink attacks and create or overwrite arbitrary files with the privileges of the user invoking the vulnerable application.

Affected Products

netperf version 2.4.3 and prior

Solution

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/0912
http://bugs.debian.org/413658

Credits

Vulnerability reported by Philippe Coval

KTorrent Filename Directory Traversal and Message Handling D
by Marianna Schmudlach / March 13, 2007 5:16 AM PDT

KTorrent Filename Directory Traversal and Message Handling Denial of Service Issues

Advisory ID : FrSIRT/ADV-2007-0913
CVE ID : CVE-2007-1384 - CVE-2007-1385
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-03-13

Technical Description

Two vulnerabilities have been identified in KTorrent, which could be exploited by attackers to cause a denial of service or potentially execute arbitrary commands.

The first issue is due to an input validation error when processing paths of filenames, which could be exploited to overwrite arbitrary files via directory traversal attacks by tricking a user into opening a malicious torrent.

The second vulnerability is due to an error when handling messages with malformed chunk indexes, which could be exploited by attackers to crash an affected application or potentially compromise a vulnerable system.

Affected Products

KTorrent version 2.1.1 and prior

Solution

Upgrade to KTorrent version 2.1.2 :
http://ktorrent.org/index.php?page=downloads

References

http://www.frsirt.com/english/advisories/2007/0913
http://ktorrent.org/forum/viewtopic.php?t=1401

Credits

Vulnerabilities reported by Bryan Burns (Juniper Networks)

Open Educational System Multiple Parameter Remote PHP File I
by Marianna Schmudlach / March 13, 2007 5:18 AM PDT

Open Educational System Multiple Parameter Remote PHP File Inclusion Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0920
CVE ID : GENERIC-MAP-NOMATCH
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-03-13

Technical Description

Multiple vulnerabilities have been identified in Open Educational System (OES), which could be exploited by attackers to execute arbitrary commands. These issues are due to input validation errors in various scripts (e.g. "include/lib-account.inc.php" or "includes/lib-group.inc.php") when processing the "CONF_CONFIG_PATH" and "CONF_INCLUDE_PATH" parameters, which could be exploited by remote attackers to include malicious scripts and execute arbitrary commands with the privileges of the web server.

Affected Products

Open Educational System (OES) version 0.1 beta

Solution

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/0920
http://advisories.echo.or.id/adv/adv69-K-159-2007.txt

Credits

Vulnerabilities reported by M.Hasran Addahroni

Mandriva update for mplayer
by Marianna Schmudlach / March 13, 2007 5:28 AM PDT

TITLE:
Mandriva update for mplayer

SECUNIA ADVISORY ID:
SA24446

VERIFY ADVISORY:
http://secunia.com/advisories/24446/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Mandriva Linux 2007
http://secunia.com/product/12165/

DESCRIPTION:
Mandriva has issued an update for mplayer. This fixes a
vulnerability, which can potentially be exploited by malicious people
to compromise a vulnerable system.

For more information:
SA24444

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.mandriva.com/security/advisories?name=MDKSA-2007:055

OTHER REFERENCES:
SA24444:
http://secunia.com/advisories/24444/

Mandriva update for xine-lib
by Marianna Schmudlach / March 13, 2007 5:29 AM PDT

TITLE:
Mandriva update for xine-lib

SECUNIA ADVISORY ID:
SA24448

VERIFY ADVISORY:
http://secunia.com/advisories/24448/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Mandriva Linux 2007
http://secunia.com/product/12165/

DESCRIPTION:
Mandriva has issued an update for xine-lib. This fixes a
vulnerability, which can potentially be exploited by malicious people
to compromise a vulnerable system.

For more information:
SA24443

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.mandriva.com/security/advisories?name=MDKSA-2007:057

OTHER REFERENCES:
SA24443:
http://secunia.com/advisories/24443/

Apple Releases Security Update to Address Multiple Vulnerabi
by Marianna Schmudlach / March 13, 2007 8:37 AM PDT

Apple Releases Security Update to Address Multiple Vulnerabilities in Various Products

added March 13, 2007
Apple has released Security Update 2007-003 to address multiple vulnerabilities in various products. The impacts of these vulnerabilities include arbitrary code execution, privilege escalation, SYSTEM level access, cross-site scripting, sensitive data exposure, file manipulation, and denial of service.

US-CERT encourages users to apply the appropriate updates as soon as possible.

US-CERT will continue to investigate these vulnerabilities and provide additional information as it becomes available.

http://www.us-cert.gov/current/current_activity.html#apsec07003
