Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - March 27, 2007

by Marianna Schmudlach / March 27, 2007 2:40 AM PDT

Sun Solaris Mozilla Browser "js_dtoa()" Routine Client-Side Denial of Service Vulnerability

Advisory ID : FrSIRT/ADV-2007-1124
CVE ID : CVE-2006-6499
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-03-27

Technical Description

A vulnerability has been identified in Mozilla for Sun Solaris, which could be exploited by remote attackers to cause a denial of service. This issue is due to an error in the "js_dtoa()" function. For additional information, see : FrSIRT/ADV-2006-5068

Affected Products

Sun Solaris 8
Sun Solaris 9
Sun Solaris 10

Solution

Solaris 10 (SPARC) - Apply patch 119115-24 or later
Solaris 10 (x86) - Apply patch 119116-24 or later

References

http://www.frsirt.com/english/advisories/2007/1124
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102846-1

Credits

Vulnerability reported by Keith Victor

Linux Kernel Socket Options Interface "do_ipv6_setsockopt()"
by Marianna Schmudlach / March 27, 2007 2:41 AM PDT

Linux Kernel Socket Options Interface "do_ipv6_setsockopt()" Denial of Service Issue

Advisory ID : FrSIRT/ADV-2007-1122
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-03-27

Technical Description

A vulnerability has been identified in Linux Kernel, which could be exploited by local attackers to cause a denial of service. This issue is due to a NULL pointer dereference error in the "do_ipv6_setsockopt()" [net/ipv6/ipv6_sockglue.c] function when processing the "opt" parameter, which could be exploited by malicious users to panic or crash an affected system, creating a denial of service condition.

Affected Products

Linux Kernel versions 2.6.x

Solution

Upgrade to Linux Kernel version 2.6.20.4 :
http://www.kernel.org

References

http://www.frsirt.com/english/advisories/2007/1122
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.4
http://bugzilla.kernel.org/show_bug.cgi?id=8155

Credits

Vulnerability reported by Gabriel Campana

HP OpenView Network Node Manager Remote Unauthorized Access
by Marianna Schmudlach / March 27, 2007 2:42 AM PDT

HP OpenView Network Node Manager Remote Unauthorized Access Vulnerability

Advisory ID : FrSIRT/ADV-2007-1121
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-03-27

Technical Description

A vulnerability has been identified in HP OpenView Network Node Manager (OV NNM), which could be exploited by remote attackers to bypass security restrictions. This issue is due to an unspecified error in the authentication process, which could be exploited by remote unauthenticated attackers to gain unauthorized access to certain facilities of the NNM server.

Affected Products

HP OpenView Network Node Manager (OV NNM) version 6.20
HP OpenView Network Node Manager (OV NNM) version 6.4x
HP OpenView Network Node Manager (OV NNM) version 7.01
HP OpenView Network Node Manager (OV NNM) version 7.50
HP OpenView Network Node Manager (OV NNM) version 7.51

(running on HP-UX B.11.00, B.11.11, and B.11.23, Solaris, Windows NT, Windows 2000, Windows XP, and Linux).

Solution

Apply patches :
http://support.openview.hp.com/patches/

References

http://www.frsirt.com/english/advisories/2007/1121
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00854999

Credits

Vulnerability reported by the vendor

Sun StarOffice and StarSuite StarCalc Parser and Link Proces
by Marianna Schmudlach / March 27, 2007 2:44 AM PDT

Sun StarOffice and StarSuite StarCalc Parser and Link Processing Code Execution Issues

Advisory ID : FrSIRT/ADV-2007-1117
CVE ID : CVE-2007-0238 - CVE-2007-0239
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-03-27

Technical Description

Multiple vulnerabilities have been identified in Sun StarOffice and StarSuite, which could be exploited by attackers to take complete control of an affected system. For additional information, see : FrSIRT/ADV-2007-1032

Affected Products

Sun StarOffice/StarSuite 6.x
Sun StarOffice/StarSuite 7.x
Sun StarOffice/StarSuite 8.x

Solution

A final resolution is pending completion.

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/1117
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102794-1

Credits

Vulnerabilities reported by NGSSoftware

Microsoft Windows Web Proxy Automatic Discovery (WPAD) Traff
by Marianna Schmudlach / March 27, 2007 2:45 AM PDT

Microsoft Windows Web Proxy Automatic Discovery (WPAD) Traffic Routing Vulnerability

Advisory ID : FrSIRT/ADV-2007-1115
CVE ID : CVE-2007-1692
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-03-27

Technical Description

A vulnerability has been identified in Microsoft Windows, which could be exploited by malicious users to gain knowledge of sensitive information. This issue is due to a design error where the Web Proxy Autodiscovery Protocol (WPAD) is used (by default) without static WPAD entries, which could be exploited by attackers on a local network segment to force WPAD clients (e.g. Internet Explorer) to route their traffic through a malicious proxy server by registering a specially crafted WPAD entry in Domain Name System (DNS) or in Windows Internet Naming Service (WINS).

Affected Products

Microsoft Windows Server 2003 Standard Edition (x64)
Microsoft Windows Server 2003 Enterprise Edition (x64)
Microsoft Windows Server 2003 Datacenter Edition (x64)
Microsoft Windows Server 2003 Standard Edition SP1
Microsoft Windows Server 2003 Enterprise Edition SP1
Microsoft Windows Server 2003 Web Edition SP1
Microsoft Windows Server 2003 Enterprise Edition SP1 (Itanium)
Microsoft Windows Server 2003 Datacenter Edition SP1 (Itanium)
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Datacenter Edition (Itanium)
Microsoft Windows Server 2003 Enterprise Edition (Itanium)
Microsoft Windows Server 2003 R2 Standard Edition
Microsoft Windows Server 2003 R2 Enterprise Edition
Microsoft Windows Server 2003 R2 Datacenter Edition
Microsoft Windows Server 2003 R2 Standard x64 Edition
Microsoft Windows Server 2003 R2 Enterprise x64 Edition
Microsoft Windows Server 2003 R2 Datacenter x64 Edition
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Professional Edition
Microsoft Windows Small Business Server 2003 Standard Edition
Microsoft Small Business Server 2000 Standard Edition

Solution

Reserve static WPAD DNS host names and WPAD WINS name records :
http://support.microsoft.com/kb/934864

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/1115
http://support.microsoft.com/kb/934864

Credits

Vulnerability reported by Chris Paget (IOActive)

Slackware update for libwpd
by Marianna Schmudlach / March 27, 2007 2:54 AM PDT

TITLE:
Slackware update for libwpd

SECUNIA ADVISORY ID:
SA24591

VERIFY ADVISORY:
http://secunia.com/advisories/24591/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Slackware Linux 11.0
http://secunia.com/product/13491/

DESCRIPTION:
Slackware has issued an update for libwpd. This fixes some
vulnerabilities, which can be exploited by malicious people to cause
a DoS (Denial of Service) or compromise an application using the
library.

For more information:
SA24507

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.399659

OTHER REFERENCES:
SA24507:
http://secunia.com/advisories/24507/

Gentoo mgv Buffer Overflow Vulnerability
by Marianna Schmudlach / March 27, 2007 2:56 AM PDT

TITLE:
Gentoo mgv Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA24649

VERIFY ADVISORY:
http://secunia.com/advisories/24649/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Gentoo Linux 1.x
http://secunia.com/product/339/

DESCRIPTION:
Gentoo has acknowledged a vulnerability in mgv, which can be
exploited by malicious people to compromise a user's system.

For more information:
SA22787

SOLUTION:
The vendor has masked the "app-text/mgv" package and recommends
unmerging it.

ORIGINAL ADVISORY:
http://www.gentoo.org/security/en/glsa/glsa-200703-24.xml

OTHER REFERENCES:
SA22787:
http://secunia.com/advisories/22787/

Avaya Products php Multiple Vulnerabilities
by Marianna Schmudlach / March 27, 2007 2:57 AM PDT

TITLE:
Avaya Products php Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA24642

VERIFY ADVISORY:
http://secunia.com/advisories/24642/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass, Exposure of sensitive information, DoS, System
access

WHERE:
From remote

OPERATING SYSTEM:
Avaya Converged Communications Server (CCS) 2.x
http://secunia.com/product/4520/
Avaya Converged Communications Server (CCS) 3.x
http://secunia.com/product/8091/
Avaya SIP Enablement Services (SES) 3.x
http://secunia.com/product/8090/
Avaya Modular Messaging 3.x
http://secunia.com/product/8717/

DESCRIPTION:
Avaya has acknowledged some vulnerabilities and a weakness in php,
which can be exploited by malicious people to disclose potentially
sensitive information, bypass certain security restrictions, cause a
DoS (Denial of Service), and potentially compromise a vulnerable
system.

For more information:
SA24089

The following products are affected:
* Avaya Messaging Storage Server (MSS 3.0)
* Avaya CCS/SES (all versions)

SOLUTION:
The vendor recommends that local and network access to the affected
systems be restricted until an update is available.

ORIGINAL ADVISORY:
http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm

OTHER REFERENCES:
SA24089:
http://secunia.com/advisories/24089/

Ubuntu update for evolution
by Marianna Schmudlach / March 27, 2007 2:59 AM PDT

TITLE:
Ubuntu update for evolution

SECUNIA ADVISORY ID:
SA24651

VERIFY ADVISORY:
http://secunia.com/advisories/24651/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Ubuntu Linux 6.06
http://secunia.com/product/10611/
Ubuntu Linux 6.10
http://secunia.com/product/12470/

DESCRIPTION:
Ubuntu has issued an update for evolution. This fixes a
vulnerability, which can be exploited by malicious people to
potentially compromise a vulnerable system.

For more information:
SA24234

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.ubuntu.com/usn/usn-442-1

OTHER REFERENCES:
SA24234:
http://secunia.com/advisories/24234/

Ubuntu update for squid
by Marianna Schmudlach / March 27, 2007 3:00 AM PDT

TITLE:
Ubuntu update for squid

SECUNIA ADVISORY ID:
SA24625

VERIFY ADVISORY:
http://secunia.com/advisories/24625/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:
Ubuntu Linux 6.10
http://secunia.com/product/12470/

DESCRIPTION:
Ubuntu has issued an update for squid. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

For more information:
SA24611

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.ubuntu.com/usn/usn-441-1

OTHER REFERENCES:
SA24611:
http://secunia.com/advisories/24611/

Linux Kernel DCCP Multiple Local Information Disclosure Vuln
by Marianna Schmudlach / March 27, 2007 9:10 AM PDT

Linux Kernel DCCP Multiple Local Information Disclosure Vulnerabilities


Bugtraq ID: 23162
Class: Design Error

The Linux kernel is prone to multiple vulnerabilities in its DCCP support. Exploiting these issues can allow local attackers to access privileged information.

An attacker may be able to obtain sensitive data that can potentially aid in further attacks.

Linux Kernel versions in the 2.6.20 and later branch are vulnerable to these issues.

Published: Mar 27 2007 12:00AM
Updated: Mar 27 2007 11:13PM
Credit: Robert Swiecki <jagger@swiecki.net> discovered these vulnerabilities.


Vulnerable: Linux kernel 2.6.20.4
Linux kernel 2.6.20
Linux kernel 2.6.20.3
Linux kernel 2.6.20.2
Linux kernel 2.6.20.1

http://www.securityfocus.com/bid/23162/info
