Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - March 6, 2007

by Marianna Schmudlach / March 5, 2007 2:02 PM PST

Opera Web Browser XMLHttpRequest Object Cross-Domain Access Vulnerability

Bugtraq ID: 13970
Class: Access Validation Error
CVE: CVE-2005-1475

This issue arises due to an access-validation error affecting the 'XMLHttpRequest' object.

Successful exploitation may allow an attacker to steal cookies, manipulate content, obtain sensitive information, or launch other attacks.

Opera Web Browser version 8.0 is prone to this issue.

Updated: Mar 06 2007 12:25AM
Credit: Discovery is credited to Jakob Balle, Secunia Research.

http://www.securityfocus.com/bid/13970/info

SpamAssassin Malformed Email Header Remote Denial Of Service
by Marianna Schmudlach / March 5, 2007 2:04 PM PST

Bugtraq ID: 13978
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2005-1266


SpamAssassin is prone to a remote denial-of-service vulnerability because the application fails to properly handle overly long email headers.

Further details regarding this vulnerability are currently not available. This BID will be updated as more information is disclosed.

An attacker may cause SpamAssassin to take inordinate amounts of time to check a specially crafted email message. By sending many malicious messages, the attacker may be able to cause extremely large delays in email delivery, denying service to legitimate users.

Updated: Mar 06 2007 12:06AM
Credit: This vulnerability was announced by the vendor.
Vulnerable: SpamAssassin SpamAssassin 3.0.3

http://www.securityfocus.com/bid/13978/info

Linux Kernel ISO9660 Denial of Service Vulnerability
by Marianna Schmudlach / March 5, 2007 2:06 PM PST

Bugtraq ID: 20920
Class: Race Condition Error
CVE: CVE-2006-5757

The Linux kernel is prone to a local denial-of-service vulnerability. This issue affects the code that handles the ISO9660 filesystem.

An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.

Updated: Mar 06 2007 12:06AM
Credit: LMH is credited with the discovery of this vulnerability.

http://www.securityfocus.com/bid/20920/info

Mozilla Multiple Products Remote Vulnerabilities
by Marianna Schmudlach / March 5, 2007 2:08 PM PST

These issues are fixed in:

- Mozilla Firefox version 1.5.0.5
- Mozilla Thunderbird version 1.5.0.5
- Mozilla SeaMonkey version 1.0.3

Published: Jul 26 2006 12:00AM
Updated: Mar 06 2007 12:06AM
Credit: Thilo Girmann, Secunia, Thor Larholm, TippingPoint and the Zero Day Initiative, H. D. Moore, Igor Bukanov, shutdown, Georgi Guninski, moz_bug_r_a4, Benjamin Smedberg, Daniel Veditz, and Mozilla developers are credited with reporting these vulnerabilities.

http://www.securityfocus.com/bid/19181/info

Mozilla Suite, Firefox, SeaMonkey, and Thunderbird Multiple
by Marianna Schmudlach / March 5, 2007 2:10 PM PST

Mozilla Suite, Firefox, SeaMonkey, and Thunderbird Multiple Remote Vulnerabilities


These issues are fixed in:
- Mozilla Firefox versions 1.0.8 and 1.5.0.2
- Mozilla Thunderbird versions 1.0.8 and 1.5.0.2
- Mozilla Suite version 1.7.13
- Mozilla SeaMonkey version 1.0.1

Updated: Mar 06 2007 12:06AM
Credit: TippingPoint and the Zero Day Initiative, Claus J

Adobe Reader and Acrobat PDF "file://" URL Handling Security
by Donna Buenaventura / March 5, 2007 9:49 PM PST

Issue

Software:
Adobe Acrobat 8.x
Adobe Reader 8.x

pdp has discovered a security issue in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to disclose sensitive information.

The problem is that it is possible to launch "file://" URLs from within PDF files. This can be exploited to e.g. read arbitrary files on the system and send them to the attacker.

Successful exploitation requires that a user is tricked into locally opening a PDF file.

The security issue is confirmed in Adobe Reader and Adobe Acrobat Professional versions 8.0.0. Other versions may also be affected.

Solution: Do not open untrusted PDF files.

Original Advisory: http://www.gnucitizen.org/projects/pdf-strikes-back/

http://secunia.com/advisories/24408/

Red Hat update for gnupg
by Marianna Schmudlach / March 6, 2007 12:17 AM PST

TITLE:
Red Hat update for gnupg

SECUNIA ADVISORY ID:
SA24365

VERIFY ADVISORY:
http://secunia.com/advisories/24365/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass

WHERE:
From remote

OPERATING SYSTEM:
RedHat Enterprise Linux AS 2.1
http://secunia.com/product/48/
RedHat Enterprise Linux AS 3
http://secunia.com/product/2534/
RedHat Enterprise Linux AS 4
http://secunia.com/product/4669/
RedHat Enterprise Linux ES 2.1
http://secunia.com/product/1306/
RedHat Enterprise Linux ES 3
http://secunia.com/product/2535/
RedHat Enterprise Linux ES 4
http://secunia.com/product/4668/
RedHat Enterprise Linux WS 2.1
http://secunia.com/product/1044/
RedHat Enterprise Linux WS 3
http://secunia.com/product/2536/
RedHat Enterprise Linux WS 4
http://secunia.com/product/4670/
RedHat Linux Advanced Workstation 2.1 for Itanium
http://secunia.com/product/1326/

DESCRIPTION:
Red Hat has issued an update for gnupg. This fixes a vulnerability,
which potentially can be exploited by malicious people to bypass
certain security restrictions when applications use GnuPG in an
insecure manner.

For more information:
SA24412

SOLUTION:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

ORIGINAL ADVISORY:
http://rhn.redhat.com/errata/RHSA-2007-0106.html

OTHER REFERENCES:
SA24412:
http://secunia.com/advisories/24412/

Multiple Email Clients GnuPG Missing Status Interface Securi
by Marianna Schmudlach / March 6, 2007 12:19 AM PST

Multiple Email Clients GnuPG Missing Status Interface Security Checks Bypass Issue

Advisory ID : FrSIRT/ADV-2007-0835
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-03-06

Technical Description

A vulnerability has been identified in various email clients, which could be exploited by attackers to bypass security checks. This issue is due to an error when verifying parts of a message using GnuPG without the status interface option ("--status-fd"), which could be exploited by attackers to insert arbitrary text before or after a signed (or signed and encrypted) message and trick a user into believing that the forged and the properly signed texts are parts of the message.

Affected Products

GnuPG version 1.4.6 and prior
GPGME version 1.1.3 and prior
Enigmail version 0.94.2 and prior
KMail version 1.9.5 and prior
Evolution version 2.8.1 and prior
Sylpheed version 2.2.7 and prior
Mutt version 1.5.13 and prior
GNUMail version 1.1.2 and prior

Solution

Upgrade to GnuPG version 1.4.7 and GPGME version 1.1.4 :
http://www.gnupg.org/download/

References

http://www.frsirt.com/english/advisories/2007/0835
http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html
http://www.coresecurity.com/?action=item&id=1687

Credits

Vulnerability reported by Gerardo Richarte (Core Security Technologies)

HP-UX Software Distributor GZIP File Handling Remote Denial
by Marianna Schmudlach / March 6, 2007 12:20 AM PST

HP-UX Software Distributor GZIP File Handling Remote Denial of Service Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0832
CVE ID : CVE-2006-4334 - CVE-2006-4335 - CVE-2006-4336 - CVE-2006-4337 - CVE-2006-4338
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-03-06

Technical Description

Multiple vulnerabilities have been identified in HP-UX, which could be exploited by attackers to cause a denial of service or potentially execute arbitrary commands. These issues are due to errors in the version of GZIP delivered by HP-UX Software Distributor (SD). For additional information, see : FrSIRT/ADV-2006-3695

Affected Products

HP-UX B.11.11
HP-UX B.11.23

Solution

Apply PHCO_35587 for HP-UX B.11.11 and revision B.11.23.0612 for HP-UX B.11.23 :
http://docs.hp.com/en/SD

References

http://www.frsirt.com/english/advisories/2007/0832
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00874667

WebCalendar "noSet" Variable Overwrite Vulnerability
by Marianna Schmudlach / March 6, 2007 12:21 AM PST

TITLE:
WebCalendar "noSet" Variable Overwrite Vulnerability

SECUNIA ADVISORY ID:
SA24403

VERIFY ADVISORY:
http://secunia.com/advisories/24403/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
WebCalendar 1.x
http://secunia.com/product/5606/

DESCRIPTION:
A vulnerability has been discovered in WebCalendar, which can be
exploited by malicious people to compromise a vulnerable system.

Input passed to unspecified parameters is not properly verified
before being used with the "noSet" parameter set. This can be
exploited to overwrite certain variables, and allows e.g. the
inclusion of arbitrary PHP files from internal or external
resources.

The vulnerability is confirmed in version 1.0.4. Prior versions may
also be affected.

SOLUTION:
Update to version 1.0.5.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://sourceforge.net/project/shownotes.php?release_id=491130

Apple QuickTime Multiple Vulnerabilities
by Marianna Schmudlach / March 6, 2007 12:24 AM PST

TITLE:
Apple QuickTime Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA24359

VERIFY ADVISORY:
http://secunia.com/advisories/24359/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/

DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which
potentially can be exploited by malicious people to compromise a
user's system.

1) An integer overflow error exists in the handling of 3GP video
files.

NOTE: This does not affect QuickTime on Mac OS X.

2) A boundary error in the handling of MIDI files can be exploited to
cause a heap-based buffer overflow.

3) A boundary error in the handling of QuickTime movie files can be
exploited to cause a heap-based buffer overflow.

4) An integer overflow exists in the handling of UDTA atoms in movie
files.

5) A boundary error in the handling of PICT files can be exploited to
cause a heap-based buffer overflow.

6) A boundary error in the handling of QTIF files can be exploited to
cause a stack-based buffer overflow.

7) An integer overflow exists in the handling of QTIF files.

8) An input validation error exists in the processing of QTIF files.
This can be exploited to cause a heap corruption via a specially
crafted QTIF file with the "Color Table ID" field set to "0".

Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.

SOLUTION:
Update to version 7.1.5.

Mac OS X:
http://www.apple.com/quicktime/download/mac.html

Windows:
http://www.apple.com/quicktime/download/win.html

PROVIDED AND/OR DISCOVERED BY:
1) JJ Reyes
2,5,6,7) Mike Price, McAfee AVERT Labs
3) Mike Price, McAfee AVERT Labs, Piotr Bania, and Artur Ogloza
4) Sowhat of Nevis Labs and an anonymous researcher via ZDI.
8) Ruben Santamarta via iDefense and JJ Reyes

ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=305149

Piotr Bania:
http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt

iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486

Fedora update for thunderbird
by Marianna Schmudlach / March 6, 2007 12:25 AM PST

TITLE:
Fedora update for thunderbird

SECUNIA ADVISORY ID:
SA24406

VERIFY ADVISORY:
http://secunia.com/advisories/24406/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Fedora Core 6
http://secunia.com/product/12487/
Fedora Core 5
http://secunia.com/product/8808/

DESCRIPTION:
Fedora has issued an update for thunderbird. This fixes some
vulnerabilities, which potentially can be exploited by malicious
people to compromise a user's system.

For more information:
SA24252

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://fedoranews.org/cms/node/2747
http://fedoranews.org/cms/node/2749

OTHER REFERENCES:
SA24252:
http://secunia.com/advisories/24252/

Fedora Security Update Fixes Kernel NFSACL 2 "ACCESS" Denial
by Marianna Schmudlach / March 6, 2007 12:29 AM PST

Fedora Security Update Fixes Kernel NFSACL 2 "ACCESS" Denial of Service Vulnerability

Advisory ID : FrSIRT/ADV-2007-0826
CVE ID : CVE-2007-0772
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-03-06
Technical Description

Fedora has released security updates to address a vulnerability identified in Kernel. This issue could be exploited by attackers to cause a denial of service. For additional information, see : FrSIRT/ADV-2007-0660

Affected Products

Fedora Core 5
Fedora Core 6

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/0826
https://www.redhat.com/archives/fedora-package-announce/2007-March/msg00002.html
https://www.redhat.com/archives/fedora-package-announce/2007-March/msg00001.html

Fedora Security Update Fixes Mozilla Thunderbird Multiple Co
by Marianna Schmudlach / March 6, 2007 12:31 AM PST

Fedora Security Update Fixes Mozilla Thunderbird Multiple Code Execution Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-0827
CVE ID : CVE-2006-6497 - CVE-2006-6498 - CVE-2006-6501 - CVE-2006-6502 - CVE-2006-6503 - CVE-2006-6504
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-03-06
Technical Description

Fedora has released security updates to address multiple vulnerabilities identified in Mozilla Thunderbird. These issues could be exploited by remote attackers to execute arbitrary commands or bypass security restrictions. For additional information, see : FrSIRT/ADV-2006-5068

Affected Products

Fedora Core 5
Fedora Core 6

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/0827
https://www.redhat.com/archives/fedora-package-announce/2007-March/msg00013.html
https://www.redhat.com/archives/fedora-package-announce/2007-March/msg00012.html

Redhat Security Update Fixes mod_jk Tomcat Connector Code Ex
by Marianna Schmudlach / March 6, 2007 12:32 AM PST

Redhat Security Update Fixes mod_jk Tomcat Connector Code Execution Vulnerability

Advisory ID : FrSIRT/ADV-2007-0828
CVE ID : CVE-2007-0774
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-03-06
Technical Description

Redhat has released updated packages to address a vulnerability identified in mod_jk. This issue could be exploited by attackers to execute arbitrary commands. For additional information, see : FrSIRT/ADV-2007-0809

Affected Products

Red Hat Application Stack v1 for Enterprise Linux AS (v.4)
Red Hat Application Stack v1 for Enterprise Linux ES (v.4)

Solution

Upgrade the affected packages :
http://rhn.redhat.com/

References

http://www.frsirt.com/english/advisories/2007/0828
http://rhn.redhat.com/errata/RHSA-2007-0096.html
