Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - May 3, 2007

by Marianna Schmudlach / May 3, 2007 1:09 AM PDT

Office OCX Word Viewer Multiple Method Remote Command Execution Vulnerability

Advisory ID : FrSIRT/ADV-2007-1634
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-05-03

Technical Description

A vulnerability has been identified in Office OCX Word Viewer, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system. This issue is caused by a buffer overflow error in the "ExcelViewer.ocx" ActiveX control when calling certain methods e.g. "HttpDownloadFile()" with overly long arguments, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a specially crafted web page.

Affected Products

Office OCX Word Viewer version 3.2.0.5 and prior

Solution

Set a kill bit for the CLSID {97AF4A45-49BE-4485-9F55-91AB40F22BF2}.

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/1634
http://moaxb.blogspot.com/2007/05/moaxb-03-wordviewerocx-32-multiple_03.html

Credits

Vulnerability reported by shinnai

Red Hat update for evolution
by Marianna Schmudlach / May 3, 2007 1:10 AM PDT

TITLE:
Red Hat update for evolution

SECUNIA ADVISORY ID:
SA25102

VERIFY ADVISORY:
http://secunia.com/advisories/25102/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Red Hat Enterprise Linux Desktop Workstation (v. 5 client)
http://secunia.com/product/13651/
Red Hat Enterprise Linux Desktop (v. 5 client)
http://secunia.com/product/13653/

DESCRIPTION:
Red Hat has issued an update for evolution. This fixes a
vulnerability, which can be exploited by malicious people to
compromise a vulnerable system.

For more information:
SA24234

SOLUTION:
Updated packages are available from Red Hat Network.
http://rhn.redhat.com

ORIGINAL ADVISORY:
https://rhn.redhat.com/errata/RHSA-2007-0158.html

OTHER REFERENCES:
SA24234:
http://secunia.com/advisories/24234/

DVDdb Cross-Site Scripting Vulnerabilities
by Marianna Schmudlach / May 3, 2007 1:11 AM PDT

TITLE:
DVDdb Cross-Site Scripting Vulnerabilities

SECUNIA ADVISORY ID:
SA25127

VERIFY ADVISORY:
http://secunia.com/advisories/25127/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

SOFTWARE:
DVDdb 0.x
http://secunia.com/product/14120/

DESCRIPTION:
r0t has discovered vulnerabilities in DVDdb, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Input passed to the "movieid" parameter in loan.php and to the "s"
parameter in listmovies.php are not properly sanitised before being
returned to the user. These can be exploited to execute arbitrary
HTML and script code in a logged in user's browser session in context
of an affected site.

The vulnerabilities are confirmed in version 0.6. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
r0t

ORIGINAL ADVISORY:
http://pridels.blogspot.com/2007/05/dvddb-xss-vuln.html

Red Hat update for xscreensaver
by Marianna Schmudlach / May 3, 2007 1:12 AM PDT

TITLE:
Red Hat update for xscreensaver

SECUNIA ADVISORY ID:
SA25105

VERIFY ADVISORY:
http://secunia.com/advisories/25105/

CRITICAL:
Not critical

IMPACT:
Security Bypass

WHERE:
Local system

OPERATING SYSTEM:
RedHat Enterprise Linux AS 4
http://secunia.com/product/4669/
RedHat Enterprise Linux AS 3
http://secunia.com/product/2534/
RedHat Enterprise Linux AS 2.1
http://secunia.com/product/48/
RedHat Enterprise Linux ES 2.1
http://secunia.com/product/1306/
RedHat Enterprise Linux ES 3
http://secunia.com/product/2535/
RedHat Enterprise Linux ES 4
http://secunia.com/product/4668/
RedHat Enterprise Linux WS 2.1
http://secunia.com/product/1044/
RedHat Enterprise Linux WS 3
http://secunia.com/product/2536/
RedHat Enterprise Linux WS 4
http://secunia.com/product/4670/
RedHat Linux Advanced Workstation 2.1 for Itanium
http://secunia.com/product/1326/

DESCRIPTION:
Red Hat has issued an update for xscreensaver. This fixes a weakness,
which can be exploited by malicious people to bypass certain security
restrictions.

For more information:
SA25065

SOLUTION:
Updated packages are available from Red Hat Network.
http://rhn.redhat.com

ORIGINAL ADVISORY:
http://rhn.redhat.com/errata/RHSA-2007-0322.html

OTHER REFERENCES:
SA25065:
http://secunia.com/advisories/25065/

HP ProCurve 9300m Unspecified Denial of Service
by Marianna Schmudlach / May 3, 2007 1:14 AM PDT

TITLE:
HP ProCurve 9300m Unspecified Denial of Service

SECUNIA ADVISORY ID:
SA25101

VERIFY ADVISORY:
http://secunia.com/advisories/25101/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:
HP ProCurve Routing Switch 9300m Series
http://secunia.com/product/3491/

DESCRIPTION:
A vulnerability has been reported in HP ProCurve 9300m Series
switches, which can be exploited by malicious people to cause a DoS
(Denial of Service).

The vulnerability is caused due to an unspecified error, which can be
exploited to cause a DoS. No more information is currently available.

The vulnerability is reported in versions 8.0.01c - 08.0.01j.

SOLUTION:
Install software version 07.8.03.
http://www.hp.com/rnd/software/switches.htm

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01034753

Progress WebSpeed "edit.r" Denial of Service Vulnerability
by Marianna Schmudlach / May 3, 2007 1:16 AM PDT

TITLE:
Progress WebSpeed "edit.r" Denial of Service Vulnerability

SECUNIA ADVISORY ID:
SA25129

VERIFY ADVISORY:
http://secunia.com/advisories/25129/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
Progress 9.x
http://secunia.com/product/682/

DESCRIPTION:
Eelko Neven has reported a vulnerability in Progress, which can be
exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an infinite loop when WebSpeed
agents call _edit with no additional parameter. This can be exploited
to cause a DoS due to CPU exhaustion by requesting a special WebSpeed
URL.

The vulnerability is reported in Progress 9.1e. Other versions may
also be affected.

SOLUTION:
Filter malicious URLs using a proxy or firewall.

PROVIDED AND/OR DISCOVERED BY:
Eelko Neven

ORIGINAL ADVISORY:
http://www.ishare.nl/

Ubuntu update for net-snmp
by Marianna Schmudlach / May 3, 2007 1:17 AM PDT

TITLE:
Ubuntu update for net-snmp

SECUNIA ADVISORY ID:
SA25115

VERIFY ADVISORY:
http://secunia.com/advisories/25115/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From local network

OPERATING SYSTEM:
Ubuntu Linux 6.06
http://secunia.com/product/10611/

DESCRIPTION:
Ubuntu has issued an update for net-snmp. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

For more information:
SA23285

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.ubuntu.com/usn/usn-456-1

OTHER REFERENCES:
SA23285:
http://secunia.com/advisories/23285/

Mambo Unspecified Bypass Vulnerabilities
by Marianna Schmudlach / May 3, 2007 1:18 AM PDT

TITLE:
Mambo Unspecified Bypass Vulnerabilities

SECUNIA ADVISORY ID:
SA25039

VERIFY ADVISORY:
http://secunia.com/advisories/25039/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass

WHERE:
From remote

SOFTWARE:
Mambo 4.x
http://secunia.com/product/872/

DESCRIPTION:
Some vulnerabilities have been reported in Mambo, which can be
exploited by malicious people to bypass certain security
restrictions.

1) A vulnerability is caused due to insufficient privilege checks in
includes/pdf.php. No further information is currently available.

2) A vulnerability is caused due to insufficient privilege checks in
MOStlyDB Admin. Successful exploitation requires valid administrator
credentials. No further information is currently available.

The vulnerabilities are reported in version 4.6.1. Prior versions may
also be affected.

SOLUTION:
Update to version 4.6.2.

PROVIDED AND/OR DISCOVERED BY:
1) Robert Atkinson
2) Reported by the vendor.

ORIGINAL ADVISORY:
1) http://www.tracker.mambo-foundation.org/?do=details&task_id=170

MailCOPA Command Line Argument Handling Buffer Overflow
by Marianna Schmudlach / May 3, 2007 1:20 AM PDT

TITLE:
MailCOPA Command Line Argument Handling Buffer Overflow

SECUNIA ADVISORY ID:
SA25125

VERIFY ADVISORY:
http://secunia.com/advisories/25125/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
MailCOPA 8.x
http://secunia.com/product/14124/

DESCRIPTION:
skillTube has discovered a vulnerability in MailCOPA, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when processing
command-line arguments and can be exploited to cause a stack-based
buffer overflow via e.g. an overly long (greater than 1000 bytes),
specially crafted "mailto" link.

Successful exploitation allows execution of arbitrary code, but
requires that a user e.g. is tricked into clicking a malicious
"mailto" link when the application is set as the default mail
client.

The vulnerability is confirmed in version 8.01 released 2007-03-23.
Other versions may also be affected.

SOLUTION:
Update to version 8.01 released 2007-05-01 or later.
http://www.intervations.com/download/mailcopa/_mailcpa.exe

PROVIDED AND/OR DISCOVERED BY:
skillTube

ORIGINAL ADVISORY:
http://www.skilltube.com/index.php?option=com_content&task=view&id=24&Itemid=37

All In One Control Panel Unspecified Parameters Handling Mul
by Marianna Schmudlach / May 3, 2007 1:22 AM PDT

Advisory ID : FrSIRT/ADV-2007-1637
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-05-03

Technical Description

Multiple vulnerabilities have been identified in AIOCP (All In One Control Panel). These issues are caused by unspecified errors with unknown impacts and unknown attack vectors.

Affected Products

AIOCP (All In One Control Panel) version 1.3.015 and prior

Solution

Upgrade to AIOCP version 1.3.015 :
http://sourceforge.net/projects/aiocp/

References

http://www.frsirt.com/english/advisories/2007/1637
http://sourceforge.net/project/shownotes.php?release_id=504924&group_id=159137

Credits

Vulnerabilities reported by the vendor

Cisco PIX and ASA Multiple Authentication Bypass and Denial
by Marianna Schmudlach / May 3, 2007 1:23 AM PDT

Cisco PIX and ASA Multiple Authentication Bypass and Denial of Service Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-1636
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-05-03

Technical Description

Multiple vulnerabilities have been identified in Cisco PIX and ASA, which could be exploited by attackers to bypass security checks or cause a denial of service.

The first issue is caused by an error when using a Lightweight Directory Access Protocol (LDAP) authentication server, which could be exploited by attackers to gain unauthorized access to a vulnerable device's internal resources.

The second vulnerability is caused by an error when terminating Virtual Private Networks (VPN) while the tunnel group is configured with password expiry, which could be exploited by an attacker who knows the group name and group password to cause a denial of service.

The third issue is caused by a race condition within the SSL VPN HTTP server when processing non-standard SSL sessions, which could be exploited by attackers to reload a vulnerable device, creating a denial of service condition.

Affected Products

Cisco PIX 500 Series Security Appliances software versions 7.1.x
Cisco PIX 500 Series Security Appliances software versions 7.2.x
Cisco ASA 5500 Series Adaptive Security Appliances software versions 7.2.x
Cisco ASA 5500 Series Adaptive Security Appliances software versions 7.1.x

Solution

Upgrade to software version 7.1(2)49 or 7.2(2)19 :
http://www.cisco.com/pcgi-bin/tablebuild.pl/asa-interim?psrtdcat20e2
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix-interim?psrtdcat20e2

References

http://www.frsirt.com/english/advisories/2007/1636
http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml

Credits

Vulnerabilities reported by Cisco customers

Cisco PIX and ASA DHCP Relay Agent Functionality Denial of S
by Marianna Schmudlach / May 3, 2007 1:24 AM PDT

Cisco PIX and ASA DHCP Relay Agent Functionality Denial of Service Vulnerability

Advisory ID : FrSIRT/ADV-2007-1635
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-05-03

Technical Description

A vulnerability has been identified in Cisco PIX and ASA, which could be exploited by remote attackers to cause a denial of service. This issue is caused by an error in the DHCP relay agent functionality when handling "DHCPACK" messages received from multiple DHCP servers in response to a DHCP client "DHCPREQUEST" or "DHCPINFORM" message, which could be exploited by attackers to cause a vulnerable system configured with more than one DHCP server to exhaust all available memory resources, creating a denial of service condition.

Affected Products

Cisco PIX 500 Series Security Appliances with software versions 7.2(1) through 7.2(2.14)
Cisco ASA 5500 Series Adaptive Security Appliances with software versions 7.2(1) through 7.2(2.14)

Solution

Upgrade to software version 7.2(2.15) :
http://www.cisco.com/pcgi-bin/tablebuild.pl/asa-interim
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix-interim

References

http://www.frsirt.com/english/advisories/2007/1635
http://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml
http://www.kb.cert.org/vuls/id/530057

Credits

Vulnerability reported by Lisa Sittler and Grant Deffenbaugh (CERT/CC)

Redhat Security Update Fixes XScreenSaver Denial of Service
by Marianna Schmudlach / May 3, 2007 1:26 AM PDT

Redhat Security Update Fixes XScreenSaver Denial of Service and Security Bypass

Advisory ID : FrSIRT/ADV-2007-1626
CVE ID : CVE-2007-1859
Rated as : Low Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-05-03

Technical Description

A vulnerability has been identified in Redhat, which could be exploited by malicious users to cause a denial of service and bypass security restrictions. This issue is caused by an error in the way XScreenSaver verifies user passwords when the system is using a remote directory service for login credentials, which could allow a local attacker to crash a vulnerable application, unlocking the screen.

Affected Products

Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 (Itanium)

Solution

Upgrade the affected packages :
https://rhn.redhat.com/

References

http://www.frsirt.com/english/advisories/2007/1626
https://rhn.redhat.com/errata/RHSA-2007-0322.html

Ubuntu Security Update Fixes Net-SNMP "_sess_read()" Denial
by Marianna Schmudlach / May 3, 2007 1:27 AM PDT

Ubuntu Security Update Fixes Net-SNMP "_sess_read()" Denial of Service Vulnerability

Advisory ID : FrSIRT/ADV-2007-1625
CVE ID : CVE-2005-4837
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-05-03

Technical Description

A vulnerability has been identified in Ubuntu, which could be exploited by attackers to cause a denial of service. This issue is caused by an error in Net-SNMP when handling TCP connections while running in master agentx mode, which could be exploited by remote attackers to crash "snmpd", creating a denial of service condition.

Affected Products

Ubuntu 6.06 LTS

Solution

Upgrade to snmpd version 5.2.1.2-4ubuntu2.1.

References

http://www.frsirt.com/english/advisories/2007/1625
http://www.ubuntu.com/usn/usn-456-1

Debian Security Update Fixes Kernel Privilege Escalation and
by Marianna Schmudlach / May 3, 2007 1:28 AM PDT

Debian Security Update Fixes Kernel Privilege Escalation and Denial of Service Issues

Advisory ID : FrSIRT/ADV-2007-1624
CVE ID : CVE-2007-0005 - CVE-2007-0958 - CVE-2007-1357 - CVE-2007-1592
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-05-03

Technical Description

Multiple vulnerabilities have been identified in Debian, which could be exploited by attackers to bypass security restrictions, disclose sensitive information, cause a denial of service, or obtain elevated privileges. These issues are caused by errors in Kernel. For additional information, see : FrSIRT/ADV-2007-0872 - FrSIRT/ADV-2007-1340 - FrSIRT/ADV-2007-1084

Affected Products

Debian GNU/Linux etch

Solution

Upgrade to linux-2.6 version 2.6.18.dfsg.1-12etch1.

References

http://www.frsirt.com/english/advisories/2007/1624
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00042.html

Mandriva Security Update Fixes Quagga bgpd Remote Denial of
by Marianna Schmudlach / May 3, 2007 1:30 AM PDT

Mandriva Security Update Fixes Quagga bgpd Remote Denial of Service Vulnerability

Advisory ID : FrSIRT/ADV-2007-1623
CVE ID : CVE-2007-1995
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-05-03

Technical Description

A vulnerability has been identified in Mandriva, which could be exploited by attackers to cause a denial of service. This issue is caused by an error in Quagga. For additional information, see : FrSIRT/ADV-2007-1336

Affected Products

Mandriva Corporate 4.0

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/1623
http://archives.mandrivalinux.com/security-announce/2007-05/msg00004.php

AtomixMP3 mp3database.txt Handling Buffer Overflow Vulnerabi
by Marianna Schmudlach / May 3, 2007 1:33 AM PDT

TITLE:
AtomixMP3 mp3database.txt Handling Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA25126

VERIFY ADVISORY:
http://secunia.com/advisories/25126/

CRITICAL:
Less critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
AtomixMP3 2.x
http://secunia.com/product/12786/

DESCRIPTION:
Preth00nker has discovered a vulnerability in AtomixMP3, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the
handling of the mp3database.txt file when using the "Search" button.
This can be exploited to cause a stack-based buffer overflow via an
overly long (greater than 512 bytes) string as the contents of the
said file.

Successful exploitation requires that a user is tricked into e.g.
overwriting or copying a malicious mp3database.txt file into the
AtomixMP3 folder and double-clicking on the malicious entry within
the "Search" display.

The vulnerability is confirmed in version 2.3. Other versions may
also be affected.

SOLUTION:
Do not overwrite or copy untrusted mp3database.txt files into the
AtomixMP3 folder.

PROVIDED AND/OR DISCOVERED BY:
Preth00nker

ORIGINAL ADVISORY:
http://mexhackteam.org/index.php?modle=Descargas&cat=sub_exploits#3

Debian update for linux-2.6
by Marianna Schmudlach / May 3, 2007 1:34 AM PDT

TITLE:
Debian update for linux-2.6

SECUNIA ADVISORY ID:
SA25078

VERIFY ADVISORY:
http://secunia.com/advisories/25078/

CRITICAL:
Less critical

IMPACT:
Privilege escalation, DoS

WHERE:
From local network

OPERATING SYSTEM:
Debian GNU/Linux 4.0
http://secunia.com/product/13844/

DESCRIPTION:
Debian has issued an update for linux-2.6. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service) and gain escalated privileges, and by
malicious people to cause a DoS.

For more information:
SA13126
SA24436
SA24618
SA24793

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.us.debian.org/security/2007/dsa-1286

OTHER REFERENCES:
SA13126:
http://secunia.com/advisories/13126/

SA24436:
http://secunia.com/advisories/24436/

SA24618:
http://secunia.com/advisories/24618/

SA24793:
http://secunia.com/advisories/24793/

XScreenSaver "getpwuid()" Authentication Bypass Weakness
by Marianna Schmudlach / May 3, 2007 1:35 AM PDT

TITLE:
XScreenSaver "getpwuid()" Authentication Bypass Weakness

SECUNIA ADVISORY ID:
SA25065

VERIFY ADVISORY:
http://secunia.com/advisories/25065/

CRITICAL:
Not critical

IMPACT:
Security Bypass

WHERE:
Local system

SOFTWARE:
XScreenSaver 5.x
http://secunia.com/product/14114/
XScreenSaver 4.x
http://secunia.com/product/10125/

DESCRIPTION:
Alex Yamauchi has reported a weakness in XScreenSaver, which
potentially can be exploited by malicious people to bypass certain
security restrictions.

The weakness is caused due to an error within the parsing of results
of a call to "getpwuid()" in drivers/lock.c when using directory
servers during a network outage. This can be exploited to e.g. crash
XScreenSaver and thus gain access to a locked system.

SOLUTION:
Update to version 5.02.

PROVIDED AND/OR DISCOVERED BY:
Alex Yamauchi

Avaya CMS / IR Sun Solaris libX11 Integer Overflow Vulnerabi
by Marianna Schmudlach / May 3, 2007 1:36 AM PDT

TITLE:
Avaya CMS / IR Sun Solaris libX11 Integer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA25112

VERIFY ADVISORY:
http://secunia.com/advisories/25112/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
Avaya Call Management System (CMS)
http://secunia.com/product/4615/

SOFTWARE:
Avaya Interactive Response 1.x
http://secunia.com/product/4767/

DESCRIPTION:
Avaya has acknowledged a vulnerability in Avaya CMS and IR, which can
be exploited by malicious, local users to gain escalated privileges.

For more information:
SA24975

The following versions are affected:
* Avaya CMS V9, V11, R12, R13/R13.1, and R14
* Avaya IR 1.3 and 2.0 running on Solaris 8 or Solaris 10

NOTE: The default configuration does not allow the affected binaries
to be executed.

SOLUTION:
The vendor recommends not loading X11 Window dump files from
untrusted sources.

ORIGINAL ADVISORY:
http://support.avaya.com/elmodocs2/security/ASA-2007-176.htm

OTHER REFERENCES:
SA24975:
http://secunia.com/advisories/24975/
