Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - March 14, 2007

by Marianna Schmudlach / March 13, 2007 3:37 PM PDT

OpenBSD IPv6 remote vulnerability

Published: 2007-03-14,
Last Updated: 2007-03-14 01:04:47 UTC
by Swa Frantzen (Version: 1)
OpenBSD 3.9 and 4.0 have fixed an issue to correct a problem in the IPv6 stack.

Source code patches are available at:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/010_m_dup1.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/020_m_dup1.patch
For workarounds, and if you do not need IPv6, you can use the following (it will block all IPv6):

More: http://isc.sans.org/

Apple Mac OS X AppleTalk Local Memory Corruption Vulnerabili
by Marianna Schmudlach / March 13, 2007 3:40 PM PDT

Apple Mac OS X AppleTalk Local Memory Corruption Vulnerability

Apple Mac OS X is prone to a local memory-corruption vulnerability. This issue occurs when the operating system fails to handle specially crafted arguments to an IOCTL call.

Due to the nature of this issue, an attacker may be able to execute arbitrary machine code in the context of the affected kernel, but this has not been confirmed. Failed exploit attempts result in kernel panics, denying service to legitimate users.

Mac OS X version 10.4.8 is vulnerable to this issue; other versions may also be affected.

Updated: Mar 14 2007 04:44AM
Credit: LMH <lmh@info-pull.com> is credited with the discovery of this vulnerability.

http://www.securityfocus.com/bid/21317/info

Apple Mac OS X UDIF Disk Image Remote Denial Of Service Vuln
by Marianna Schmudlach / March 13, 2007 3:42 PM PDT

Apple Mac OS X UDIF Disk Image Remote Denial Of Service Vulnerability

Apple Mac OS X is prone to a remote denial-of-service vulnerability when handling specially crafted UDIF disk image files.

Successfully exploiting this issue allows remote users to crash affected computers, denying service to legitimate users.

Mac OS X version 10.4.8 is vulnerable to this issue; other versions may also be affected.

Updated: Mar 14 2007 04:44AM
Credit: LMH <lmh@info-pull.com> discovered this issue.
Vulnerable: Apple Mac OS X Server 10.4.8
Apple Mac OS X 10.4.8

http://www.securityfocus.com/bid/21201/info

Apple Mac OS X AppleTalk _ATPsndrsp Function Remote Heap Ove
by Marianna Schmudlach / March 13, 2007 3:45 PM PDT

Apple Mac OS X AppleTalk _ATPsndrsp Function Remote Heap Overflow Vulnerability

Apple Mac OS X AppleTalk is prone to a heap-overflow vulnerability because it fails to perform sufficient boundary checks on user-supplied data before copying it to a buffer.

An attacker could leverage this issue to have arbitrary code execute with administrative privileges. A successful exploit could result in the complete compromise of the affected system.

Apple Mac OS X version 10.4.8 is reported vulnerable; other versions may be vulnerable as well.

Updated: Mar 14 2007 04:44AM
Credit: Discovered by LMH <lmh@info-pull.com>.
Vulnerable: Apple Mac OS X Server 10.4.8
Apple Mac OS X 10.4.8

http://www.securityfocus.com/bid/22041/info

Apple Mac OS X Multiple Applications Multiple Vulnerabilitie
by Marianna Schmudlach / March 13, 2007 3:47 PM PDT

Mac OS X is prone to multiple vulnerabilities including stack-based buffer-overflow issues, denial-of-service vulnerabilities, two memory-corruption issues, an integer-overflow issue, two authentication-bypass issues, an information-disclosure vulnerability, and an insecure command-execution issue.

An attacker can exploit these issues to execute arbitrary code in the context of the user running the application, cause denial-of-service conditions, compromise the application, and access or modify data.

Few details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available.

Mac OS X and Mac OS X Server versions 10.3.9 and 10.4 through 10.4.8 are vulnerable.

Updated: Mar 14 2007 04:24AM
Credit: Ferris of Security-Protocols, Andrew Garber of University of Victoria, Alex Harper, Michael Evans, Luke Church of the Computer Laboratory University of Cambridge, Jeff Mccune of The Ohio State University, and Cameron Kay of Massey University New Zealand

http://www.securityfocus.com/bid/22948/info

Apple Mac OS X Mach-O Binary Loading Integer Overflow Vulner
by Marianna Schmudlach / March 13, 2007 3:50 PM PDT

A successful exploit would allow a local attacker to execute arbitrary code with kernel-level privileges, leading to the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

Updated: Mar 14 2007 03:54AM
Credit: LMH <lmh@info-pull.com> is credited with the discovery of this vulnerability.

http://www.securityfocus.com/bid/21291/info

Linux Kernel NULL Pointer Dereferences and Security Bypass
by Marianna Schmudlach / March 14, 2007 1:23 AM PDT

TITLE:
Linux Kernel NULL Pointer Dereferences and Security Bypass

SECUNIA ADVISORY ID:
SA24492

VERIFY ADVISORY:
http://secunia.com/advisories/24492/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass, DoS

WHERE:
From remote

OPERATING SYSTEM:
Linux Kernel 2.6.x
http://secunia.com/product/2719/

DESCRIPTION:
Some vulnerabilities have been reported in the Linux Kernel, which
potentially can be exploited by malicious people to bypass certain
security restrictions or cause a DoS (Denial of Service).

1) NULL pointer dereferences within net/netfilter/nfnetlink_log.c can
potentially be exploited to cause a kernel panic by sending specially
crafted packets to a vulnerable system.

2) An error exists within conntrack when assembling fragmented IPv6
packets. This can potentially be exploited to bypass certain rulesets
that accept ESTABLISHED packets early.

SOLUTION:
Update to version 2.6.20.3.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.3

PHProjekt Multiple Vulnerabilities
by Marianna Schmudlach / March 14, 2007 1:24 AM PDT

TITLE:
PHProjekt Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA24509

VERIFY ADVISORY:
http://secunia.com/advisories/24509/

CRITICAL:
Moderately critical

IMPACT:
Hijacking, Cross Site Scripting, Manipulation of data, System access

WHERE:
From remote

SOFTWARE:
PHProjekt 5.x
http://secunia.com/product/11488/

DESCRIPTION:
Some vulnerabilities have been reported in PHProjekt, which can be
exploited by malicious users to conduct cross-site scripting, script
insertion, cross-site request forgery, and SQL injection attacks and
potentially compromise a vulnerable system.

1) Input passed to unspecified parameters is not properly sanitised
before being returned to a user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site.

2) Input passed to unspecified parameters in the calendar module is
not properly sanitised before being used in an SQL query. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

3) Input passed to unspecified parameters in the search module is not
properly sanitised before being used in an SQL query. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

4) Input passed to an unspecified cookie is not properly sanitised
before being used in an SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code when the user
logs out.

5) An error within the CSRF prevention routine can be exploited to
conduct CSRF attacks.

6) Users can upload files through e.g. the calendar or file
management modules. This can be exploited to execute arbitrary PHP
code by uploading a malicious PHP file.

7) Input passed to unspecified parameters is not properly verified
before being used. This can be exploited to insert HTML and script
code, which will be executed in a user's browser session in context of
an affected site if malicious data is viewed.

Successful exploitation of the vulnerabilities reportedly requires
that a valid user is logged in.

The vulnerabilities are reported in version 5.2. Other versions may
also be affected.

SOLUTION:
Update to version 5.2.1.

PROVIDED AND/OR DISCOVERED BY:
Alexios Fakos, n.runs AG.

ORIGINAL ADVISORY:
http://www.phprojekt.com/index.php?name=News&file=article&sid=276

http://www.nruns.de/security_advisory_phprojekt_csrf.php
http://www.nruns.de/security_advisory_phprojekt_xss_and_filter_evasion.php
http://www.nruns.de/security_advisory_phprojekt_privilege_escalation.php
http://www.nruns.de/security_advisory_phprojekt_sql_injection.php

Mac OS X Security Update Fixes Multiple Vulnerabilities
by Marianna Schmudlach / March 14, 2007 1:28 AM PDT

TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA24479

VERIFY ADVISORY:
http://secunia.com/advisories/24479/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Cross Site Scripting, Manipulation of data, Exposure
of sensitive information, Privilege escalation, DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/


SOLUTION:
Update to Mac OS X 10.4.9 or install Security Update 2007-003:

Security Update 2007-003 (10.3.9 Client):
http://www.apple.com/support/downloads/securityupdate20070031039client.html

Security Update 2007-003 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070031039server.html

Mac OS X Server 10.4.9 Update (PPC):
http://www.apple.com/support/downloads/macosxserver1049updateppc.html

Mac OS X 10.4.9 Combo Update (PPC):
http://www.apple.com/support/downloads/macosx1049comboupdateppc.html

Mac OS X 10.4.9 Combo Update (Intel):
http://www.apple.com/support/downloads/macosx1049comboupdateintel.html

Mac OS X 10.4.9 Update (PPC):
http://www.apple.com/support/downloads/macosx1049updateppc.html

Mac OS X 10.4.9 Update (Intel):
http://www.apple.com/support/downloads/macosx1049updateintel.html

Mac OS X Server 10.4.9 Update (Universal):
http://www.apple.com/support/downloads/macosxserver1049updateuniversal.html

Mac OS X Server 10.4.9 Combo Update (Universal):
http://www.apple.com/support/downloads/macosxserver1049comboupdateuniversal.html

Mac OS X Server 10.4.9 Combo Update (PPC):
http://www.apple.com/support/downloads/macosxserver1049comboupdateppc.html

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:

1, 12) Tom Ferris, Security-Protocols
2) KF
11) Andrew Garber of University of Victoria, Alex Harper, and Michael
Evans
13) Luke Church, University of Cambridge
19) Jeff Mccune, The Ohio State University
22) Tom Ferris, Security-Protocols and Mike Price, McAfee AVERT Labs
25) Cameron Kay of Massey University, New Zealand
26) Kevin Finisterre, DigitalMunition

ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=305214

MOAB:
2) http://projects.info-pull.com/moab/MOAB-28-01-2007.html
26) http://projects.info-pull.com/moab/MOAB-24-01-2007.html

OTHER REFERENCES:
SA17318:
http://secunia.com/advisories/17318/

SA18579:
http://secunia.com/advisories/18579/

SA18973:
http://secunia.com/advisories/18973/

SA19929:
http://secunia.com/advisories/19929/

SA20365:
http://secunia.com/advisories/20365/

SA21259:
http://secunia.com/advisories/21259/

SA21506:
http://secunia.com/advisories/21506/

SA21935:
http://secunia.com/advisories/21935/

SA22091:
http://secunia.com/advisories/22091/

SA22173:
http://secunia.com/advisories/22173/

SA22467:
http://secunia.com/advisories/22467/

SA22736:
http://secunia.com/advisories/22736/

SA22808:
http://secunia.com/advisories/22808/

SA23012:
http://secunia.com/advisories/23012/

SA23088:
http://secunia.com/advisories/23088/

SA23115:
http://secunia.com/advisories/23115/

SA23120:
http://secunia.com/advisories/23120/

SA23134:
http://secunia.com/advisories/23134/

SA23703:
http://secunia.com/advisories/23703/

SA23708:
http://secunia.com/advisories/23708/

SA23721:
http://secunia.com/advisories/23721/

SA23725:
http://secunia.com/advisories/23725/

SA23742:
http://secunia.com/advisories/23742/

SA23859:
http://secunia.com/advisories/23859/

War FTP Daemon Unspecified Buffer Overflow Vulnerability
by Marianna Schmudlach / March 14, 2007 1:30 AM PDT

TITLE:
War FTP Daemon Unspecified Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA24494

VERIFY ADVISORY:
http://secunia.com/advisories/24494/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
From remote

SOFTWARE:
War FTP Daemon 1.6x
http://secunia.com/product/1998/

DESCRIPTION:
Immunity has reported a vulnerability in WarFTP Daemon, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

The vulnerability is caused due to an unspecified error prior to
authentication and can be exploited to cause a stack-based buffer
overflow.

The vulnerability is reported in version 1.65. Other versions may
also be affected.

SOLUTION:
The vendor recommends using the version 1.80 series.

Restrict access to the FTP service.

PROVIDED AND/OR DISCOVERED BY:
Immunity, Inc.

Adobe ColdFusion MX and JRun IIS Connector Remote Denial of
by Marianna Schmudlach / March 14, 2007 1:31 AM PDT

Adobe ColdFusion MX and JRun IIS Connector Remote Denial of Service Vulnerability

Advisory ID : FrSIRT/ADV-2007-0932
CVE ID : CVE-2007-1278
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-03-14
Technical Description

A vulnerability has been identified in Adobe ColdFusion MX and JRun, which could be exploited by attackers to cause a denial of service. This issue is due to an error in the IIS connector when handling certain requests, which could be exploited by attackers to crash an affected application by taking specific actions after requesting a file located in the web root folder.

Affected Products

Adobe JRun 4.0 Updater 6
Adobe ColdFusion MX 7.0 Enterprise Edition
Adobe ColdFusion MX 6.1 Enterprise

Solution

Apply patches :
http://www.adobe.com/support/security/bulletins/apsb07-07.html

References

http://www.frsirt.com/english/advisories/2007/0932
http://www.adobe.com/support/security/bulletins/apsb07-07.html

Credits

Vulnerability reported by Shoji Kamiichi (NEC)

McAfee ePolicy Orchestrator "SiteManager.dll" ActiveX Code E
by Marianna Schmudlach / March 14, 2007 1:32 AM PDT

McAfee ePolicy Orchestrator "SiteManager.dll" ActiveX Code Execution Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0931
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-03-14
Technical Description

Multiple vulnerabilities have been identified in McAfee ePolicy Orchestrator, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system. These issues are due to buffer overflow errors in the "SiteManager.dll" ActiveX control when processing malformed arguments passed to the "ExportSiteList()" or "VerifyPackageCatalog()" method, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a malicious web page.

Affected Products

McAfee ePolicy Orchestrator (ePO) versions 3.x
McAfee ProtectionPilot versions 1.x

Solution

Apply patches :
https://mysupport.mcafee.com/eservice_enu/start.swe

References

http://www.frsirt.com/english/advisories/2007/0931
https://knowledge.mcafee.com/article/25/612495_f.SAL_Public.html
https://knowledge.mcafee.com/article/26/612496_f.SAL_Public.html

Credits

Vulnerabilities reported by cocoruder (Fortinet Security Research Team)

FiSH Multiple Command Handling Buffer Overflow Remote Code E
by Marianna Schmudlach / March 14, 2007 1:34 AM PDT

FiSH Multiple Command Handling Buffer Overflow Remote Code Execution Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0910
CVE ID : GENERIC-MAP-NOMATCH
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-03-13
Technical Description

Multiple vulnerabilities have been identified in FiSH, which could be exploited by remote attackers to take complete control of an affected system. These issues are due to buffer overflow errors when processing a specially crafted "PRIVMSG", "NOTICE", "TOPIC", "NICK" or "332" command, which could be exploited by attackers to crash an affected application or execute arbitrary commands.

Affected Products

FiSH version 1.29 and prior

Solution

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/0910
http://blogs.23.nu/ilja/stories/14493/

Credits

Vulnerabilities reported by ilja

Plash Sandboxed Process TIOCSTI "ioctl()" Security Bypass an
by Marianna Schmudlach / March 14, 2007 1:35 AM PDT

Plash Sandboxed Process TIOCSTI "ioctl()" Security Bypass and Privilege Escalation

Advisory ID : FrSIRT/ADV-2007-0909
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-03-13
Technical Description

A vulnerability has been identified in Plash, which could be exploited by attackers to bypass security restrictions. This issue is due to an error where a sandboxed process can insert characters into the input stream of the terminal using the TIOCSTI "ioctl()" on the tty's file descriptor, which could be exploited by attackers to execute arbitrary commands with elevated privileges via a sandboxed process.

Affected Products

Plash version 1.17 and prior

Solution

The vendor recommends proxying access to stdin/stdout/stderr by piping them through cat :
# cat | pola-run ... 2>&1 | cat

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/0909
http://plash.beasts.org/wiki/PlashIssues/TtyVulnerability
http://lists.gnu.org/archive/html/plash/2007-03/msg00000.html

Credits

Vulnerability reported by Mark Seaborn

Debian update for gnupg
by Marianna Schmudlach / March 14, 2007 1:39 AM PDT

TITLE:
Debian update for gnupg

SECUNIA ADVISORY ID:
SA24511

VERIFY ADVISORY:
http://secunia.com/advisories/24511/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass

WHERE:
From remote

OPERATING SYSTEM:
Debian GNU/Linux unstable alias sid
http://secunia.com/product/530/
Debian GNU/Linux 3.1
http://secunia.com/product/5307/

DESCRIPTION:
Debian has issued an update for gnupg. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions when applications use GnuPG in an insecure manner.

For more information:
SA24412

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00021.html

OTHER REFERENCES:
SA24412:
http://secunia.com/advisories/24412/

Gentoo update for amarok
by Marianna Schmudlach / March 14, 2007 1:41 AM PDT

TITLE:
Gentoo update for amarok

SECUNIA ADVISORY ID:
SA24510

VERIFY ADVISORY:
http://secunia.com/advisories/24510/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Gentoo Linux 1.x
http://secunia.com/product/339/

DESCRIPTION:
Gentoo has issued an update for amarok. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise
a user's system.

For more information:
SA24159

SOLUTION:
Update to "media-sound/amarok-1.4.5-r1" or later.

ORIGINAL ADVISORY:
http://www.gentoo.org/security/en/glsa/glsa-200703-11.xml

OTHER REFERENCES:
SA24159:
http://secunia.com/advisories/24159

HP Security Update Fixes HP-UX Java Multiple Remote Code Exe
by Marianna Schmudlach / March 14, 2007 1:50 AM PDT

HP Security Update Fixes HP-UX Java Multiple Remote Code Execution Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0936
CVE ID : CVE-2007-0243 - CVE-2006-6745 - CVE-2006-6731
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-03-14
Technical Description

HP has released security updates to address multiple vulnerabilities identified in Java for HP-UX. These issues could be exploited by attackers to execute arbitrary commands. For additional information, see : FrSIRT/ADV-2007-0211 - FrSIRT/ADV-2006-5074 - FrSIRT/ADV-2006-5073

Affected Products

HP-UX B.11.11
HP-UX B.11.23

Solution

Upgrade to the latest version :
http://www.hp.com/go/java

References

http://www.frsirt.com/english/advisories/2007/0936
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00876579

Mandriva Security Update Fixes MPlayer and Xine-lib Buffer O
by Marianna Schmudlach / March 14, 2007 1:52 AM PDT

Mandriva Security Update Fixes MPlayer and Xine-lib Buffer Overflow Vulnerability

Advisory ID : FrSIRT/ADV-2007-0922
CVE ID : CVE-2007-1387
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-03-14
Technical Description

Mandriva has released security updates to address a vulnerability identified in MPlayer and Xine-lib. This issue could be exploited by remote attackers to execute arbitrary commands or bypass security restrictions. For additional information, see : FrSIRT/ADV-2007-0794

Affected Products

Mandriva Linux 2007.0
Mandriva Corporate 3.0

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/0922
http://archives.mandrivalinux.com/security-announce/2007-03/msg00014.php
http://archives.mandrivalinux.com/security-announce/2007-03/msg00015.php

Turbolinux Security Update Fixes KSirc "PRIVMSG" Remote Deni
by Marianna Schmudlach / March 14, 2007 1:53 AM PDT

Turbolinux Security Update Fixes KSirc "PRIVMSG" Remote Denial of Service Vulnerability

Advisory ID : FrSIRT/ADV-2007-0926
CVE ID : CVE-2006-6811
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-03-14
Technical Description

Turbolinux has released security updates to address a vulnerability identified in KsIRC. This issue could be exploited by remote attackers to cause a denial of service. For additional information, see : FrSIRT/ADV-2006-5199

Affected Products

Turbolinux FUJI

Solution

Upgrade the affected packages :
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

References

http://www.frsirt.com/english/advisories/2007/0926
http://www.turbolinux.com/security/2007/TLSA-2007-15.txt

Turbolinux Security Update Fixes Libwmf Multiple Remote Code
by Marianna Schmudlach / March 14, 2007 1:55 AM PDT

Turbolinux Security Update Fixes Libwmf Multiple Remote Code Execution Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0927
CVE ID : CVE-2004-0990 - CVE-2004-0941 - CVE-2006-3376 - CVE-2007-0455
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-03-14
Technical Description

Turbolinux has released security updates to address multiple vulnerabilities identified in Libwmf. For additional information, see : FrSIRT/ADV-2006-2646 - FrSIRT/ADV-2007-0400

Affected Products

Turbolinux Appliance Server 2.0
Turbolinux FUJI
Turbolinux 10 Server x64 Edition
Turbolinux 10 Server
Turbolinux Home
Turbolinux 10 F...
Turbolinux 10 Desktop

Solution

Upgrade the affected packages :
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

References

http://www.frsirt.com/english/advisories/2007/0927
http://www.turbolinux.com/security/2007/TLSA-2007-16.txt

Turbolinux Security Update Fixes Samba Code Execution and De
by Marianna Schmudlach / March 14, 2007 1:56 AM PDT

Turbolinux Security Update Fixes Samba Code Execution and Denial of Service Issues

Advisory ID : FrSIRT/ADV-2007-0928
CVE ID : CVE-2007-0452 - CVE-2007-0454
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-03-14
Technical Description

Turbolinux has released security updates to address multiple vulnerabilities identified in Samba. These issues could be exploited by attackers to cause a denial of service or execute arbitrary commands. For additional information, see : FrSIRT/ADV-2007-0483

Affected Products

Turbolinux Appliance Server 2.0
Turbolinux FUJI
Turbolinux 10 Server x64 Edition
Turbolinux 10 Server

Solution

Upgrade the affected packages :
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

References

http://www.frsirt.com/english/advisories/2007/0928
http://www.turbolinux.com/security/2007/TLSA-2007-18.txt

Turbolinux Security Update Fixes Squid FTP and NTLM Denial o
by Marianna Schmudlach / March 14, 2007 1:57 AM PDT

Turbolinux Security Update Fixes Squid FTP and NTLM Denial of Service Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0929
CVE ID : CVE-2007-0247 - CVE-2007-0248
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-03-14
Technical Description

Turbolinux has released security updates to address multiple vulnerabilities identified in Squid. These issues could be exploited by attackers to cause a denial of service. For additional information, see : FrSIRT/ADV-2007-0199

Affected Products

Turbolinux Appliance Server 2.0
Turbolinux 10 Server x64 Edition
Turbolinux Appliance Server 1.0 Hosting Edition
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux 10 Server
Turbolinux 8 Server

Solution

Upgrade the affected packages :
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

References

http://www.frsirt.com/english/advisories/2007/0929
http://www.turbolinux.com/security/2007/TLSA-2007-17.txt

vBulletin "Attached Before" SQL Injection Vulnerability
by Marianna Schmudlach / March 14, 2007 5:16 AM PDT

TITLE:
vBulletin "Attached Before" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA24503

VERIFY ADVISORY:
http://secunia.com/advisories/24503/

CRITICAL:
Not critical

IMPACT:
Manipulation of data

WHERE:
From remote

SOFTWARE:
vBulletin 3.x
http://secunia.com/product/3212/

DESCRIPTION:
A vulnerability has been reported in vBulletin, which can be
exploited by malicious users to conduct SQL injection attacks.

Input passed to the "Attached Before" form field in
admincp/attachment.php is not properly sanitised before being used in
SQL queries. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code.

Successful exploitation requires valid administrator credentials.

The vulnerability is reported in version 3.6.5. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
meto5757 and disfigure

BlackBerry Device Browser Link Handling Client-Side Denial o
by Marianna Schmudlach / March 14, 2007 5:20 AM PDT

BlackBerry Device Browser Link Handling Client-Side Denial of Service Vulnerability

Advisory ID : FrSIRT/ADV-2007-0945
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-03-14
Technical Description

A vulnerability has been identified in various BlackBerry devices, which could be exploited by remote attackers to cause a denial of service. This issue is due to an error in the BlackBerry browser that fails to properly handle overly long URLs, which could be exploited by attackers to cause a vulnerable device to become slow or to stop responding by tricking a user into following a specially crafted link.

Affected Products

BlackBerry Device Software version 4.2 and prior

Solution

Upgrade to BlackBerry Device Software 4.2 Service Pack 1 :
http://na.blackberry.com/eng/support/downloads/

References

http://www.frsirt.com/english/advisories/2007/0945

Credits

Vulnerability reported by Michael Kemp

Microsoft Internet Explorer NavCancel.HTM Cross-Site Scripti
by Marianna Schmudlach / March 14, 2007 8:41 AM PDT

Microsoft Internet Explorer NavCancel.HTM Cross-Site Scripting Vulnerability

Bugtraq ID: 22966
Class: Input Validation Error

Microsoft Internet Explorer is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue to steal cookie-based authentication credentials and obtain sensitive information.

Published: Mar 14 2007 12:00AM
Updated: Mar 14 2007 09:34PM
Credit: Aviv Raff is credited with the discovery of this issue.
Vulnerable: Microsoft Internet Explorer 7.0
+ Microsoft Windows Vista Ultimate
+ Microsoft Windows Vista Home Premium
+ Microsoft Windows Vista Home Basic
+ Microsoft Windows Vista Enterprise
+ Microsoft Windows Vista Business
+ Microsoft Windows Vista 0
+ Microsoft Windows Vista 0

http://www.securityfocus.com/bid/22966/info

Trend Micro Scan Engine UPX File Parsing Remote Denial of Se
by Marianna Schmudlach / March 14, 2007 8:43 AM PDT

Trend Micro Scan Engine UPX File Parsing Remote Denial of Service Vulnerability


Bugtraq ID: 22965
Class: Input Validation Error

Trend Micro Scan Engine is prone to a denial-of-service vulnerability because it fails to properly handle compressed UPX files.

An attacker can exploit this issue to crash the operating system, denying further service to legitimate users.

This issue affects various products using the Trend Micro Antivirus Scan Engine version 8 and above.

Published: Mar 14 2007 12:00AM
Updated: Mar 14 2007 09:34PM
Credit: The discoverer of this issue wishes to remain anonymous.

Vulnerable: Trend Micro Scan Engine 8.3
Trend Micro Scan Engine 8
Trend Micro PC-Cillin Internet Security 2006 14.10 .1023
Trend Micro PC-Cillin Internet Security 2007
Trend Micro Internet Security Suite 2007 0
Trend Micro Antivirus 2007

http://www.securityfocus.com/bid/22965/info

Symantec Norton Personal Firewall 2006 SymEvent Driver Local
by Marianna Schmudlach / March 14, 2007 8:46 AM PDT

Symantec Norton Personal Firewall 2006 SymEvent Driver Local Denial of Service Vulnerability

Bugtraq ID: 22961
Class: Failure to Handle Exceptional Conditions

Norton Personal Firewall 2006 is prone to a local denial-of-service vulnerability. This issue occurs when attackers send malformed data to the 'SymEvent' driver.

A local authenticated attacker may exploit this issue to crash affected computers, denying service to legitimate users.

This issue is reportedly a regression from the vulnerability described in BID 20051 (Symantec Multiple Products SymEvent Driver Local Denial of Service Vulnerability). Symantec is currently investigating this issue; this BID will be updated as more information becomes available.

Published: Mar 14 2007 12:00AM
Updated: Mar 14 2007 09:04PM
Credit: Discovery is credited to David Matousek.
Vulnerable: Symantec Norton Personal Firewall 2006 9.1.1 .7

http://www.securityfocus.com/bid/22961/info
