
Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - October 17, 2006

by Marianna Schmudlach / October 17, 2006 2:18 AM PDT

TITLE:
Apple Xcode WebObjects Plugin Privilege Escalation Vulnerability

SECUNIA ADVISORY ID:
SA22474

VERIFY ADVISORY:
http://secunia.com/advisories/22474/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

SOFTWARE:
Apple Xcode 2.x
http://secunia.com/product/10144/

DESCRIPTION:
A vulnerability has been reported in Apple Xcode, which can be
exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to the use of a vulnerable version of
OpenBase SQL.

For more information:
SA22390

SOLUTION:
Download the latest J2SE 5.0-compliant OpenBase JDBC drivers from
http://www.openbase.com.

Alternatively, remove the "setuid" flags from the OpenBase binaries.

OTHER REFERENCES:
SA22390:
http://secunia.com/advisories/22390/
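
The alternative workaround in the advisory above (removing the "setuid" flags) can be carried out as an audit followed by a change. This is an added example, not part of the original post or of the Secunia advisory; the function names are hypothetical, and the directory is passed in by the caller because the advisory does not give the OpenBase install path.

```shell
#!/bin/sh
# Added example: audit and strip setuid/setgid bits under one directory.
# The directory is supplied by the caller; the advisory gives no install path.

# List regular files under $1 that carry a setuid or setgid bit.
list_privileged() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Strip both bits from every file found. The previous mode and owner of each
# file go to stderr as a change record; the count of files goes to stdout.
strip_privileged() {
    count=$(list_privileged "$1" | wc -l | tr -d ' ')
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec sh -c 'for f; do ls -l "$f" >&2; chmod u-s,g-s "$f"; done' sh {} +
    echo "$count"
}

# Stand-alone use: sh strip_setuid.sh /path/to/install-dir (placeholder path)
if [ "$#" -ge 1 ]; then
    strip_privileged "$1"
    # Anything still listed here could not be changed (e.g. not owner or root).
    list_privileged "$1"
fi
```

Keep the stderr record: it is the only trace of which binaries were privileged before the change, which matters if a later update restores the bits.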

Toshiba Bluetooth Stack Memory Corruption Vulnerability
by Marianna Schmudlach / October 17, 2006 2:19 AM PDT

TITLE:
Toshiba Bluetooth Stack Memory Corruption Vulnerability

SECUNIA ADVISORY ID:
SA22402

VERIFY ADVISORY:
http://secunia.com/advisories/22402/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From remote

SOFTWARE:
Toshiba Bluetooth Stack 4.x
http://secunia.com/product/6807/
Toshiba Bluetooth Stack 3.x
http://secunia.com/product/6806/

DESCRIPTION:
A vulnerability has been reported in Toshiba Bluetooth Stack, which
can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

The vulnerability is caused due to an unspecified memory corruption
error and may potentially allow execution of arbitrary code via
specially crafted Bluetooth packets.

Successful exploitation requires knowledge of the Bluetooth device
address.

The vulnerability is reported in version 3.x and versions 4 through
4.00.35. Other versions may also be affected.

NOTE: Products from other vendors using the Toshiba Bluetooth Stack
may also be affected. The Toshiba Bluetooth Stack running on 64-bit
platforms is reportedly not affected.

SOLUTION:
Update to the latest version.

PROVIDED AND/OR DISCOVERED BY:
David Maynor, SecureWorks and Jon Ellch.

ORIGINAL ADVISORY:
http://www.secureworks.com/press/20061011-dell.html

NVIDIA Binary Graphics Driver for Linux Buffer Overflow Vuln
by Marianna Schmudlach / October 17, 2006 2:20 AM PDT

TITLE:
NVIDIA Binary Graphics Driver for Linux Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA22419

VERIFY ADVISORY:
http://secunia.com/advisories/22419/

CRITICAL:
Highly critical

IMPACT:
Privilege escalation, DoS, System access

WHERE:
From remote

SOFTWARE:
NVIDIA Graphics Drivers for Linux 1.x
http://secunia.com/product/12331/

DESCRIPTION:
Rapid7 has reported a vulnerability in NVIDIA Binary Graphics Driver
for Linux, which can be exploited by malicious, local users to gain
escalated privileges and potentially by malicious people to
compromise a user's system.

A boundary error when performing accelerated rendering of glyphs can
be exploited to cause a buffer overflow via a specially crafted short
sequence of user-supplied glyphs.

Successful exploitation allows execution of arbitrary code with
"root" privileges.

The vulnerability is reported in versions 8774 and 8762. Other
versions may also be affected.

SOLUTION:
Disable accelerated rendering ("RenderAccel" option).

Use another graphics driver.

The vulnerability has reportedly been fixed in the 1.0-9625 beta
driver.

PROVIDED AND/OR DISCOVERED BY:
Derek Abdine, Rapid7.

ORIGINAL ADVISORY:
Rapid7:
http://www.rapid7.com/advisories/R7-0025.jsp
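
To confirm that the "RenderAccel" workaround from the advisory above is actually in place, the X server configuration can be checked per Device section. This is an added example, not part of the original post or of the Rapid7 or Secunia advisories; the function names and the sample configuration are constructed, and a section with no explicit option is reported as "unset" because the page does not state the driver default.

```shell
#!/bin/sh
# Added example: report the RenderAccel setting of each nvidia Device section.

# Constructed sample xorg.conf; identifiers and layout are made up.
sample_xorg_conf() {
    cat <<'EOF'
Section "Device"
    Identifier "Card0"
    Driver     "nvidia"
    Option     "RenderAccel" "false"
EndSection
Section "Device"
    Identifier "Card1"
    Driver     "nvidia"
    Option     "RenderAccel" "true"   # acceleration explicitly on
EndSection
Section "Device"
    Identifier "Card2"
    Driver     "nvidia"
EndSection
Section "Device"
    Identifier "Card3"
    Driver     "vesa"
EndSection
EOF
}

# Print "<Identifier>: disabled|enabled|unset" for every Device using "nvidia".
# "unset" means no explicit option; the driver default then applies.
check_renderaccel() {
    awk '
    { line = tolower($0); sub(/#.*/, "", line) }
    line ~ /^[ \t]*section[ \t]+"device"/ {
        in_dev = 1; driver = ""; ident = "(unnamed)"; state = "unset"; next }
    in_dev && line ~ /^[ \t]*endsection/ {
        if (driver == "nvidia") printf "%s: %s\n", ident, state
        in_dev = 0; next }
    in_dev && line ~ /^[ \t]*identifier[ \t]/ { split($0, q, "\""); ident = q[2] }
    in_dev && line ~ /^[ \t]*driver[ \t]/     { split(line, q, "\""); driver = q[2] }
    in_dev && line ~ /^[ \t]*option[ \t]+"renderaccel"/ {
        n = split(line, q, "\""); v = (n >= 4) ? q[4] : ""
        state = (v ~ /^(0|no|off|false)$/) ? "disabled" : "enabled" }
    ' "$1"
}

# Succeeds only if every nvidia Device section explicitly disables RenderAccel.
renderaccel_all_disabled() {
    ! check_renderaccel "$1" | grep -qv ': disabled$'
}
```

The X server has to be restarted before a changed option takes effect, so a passing check on the file alone does not prove the running server has acceleration off.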
