From sec-adv at secunia.com Tue Jun 1 10:26:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 1 Jun 2010 19:26:48 +0200 Subject: [SEC] [SA40018] sblim-sfcb "Content-Length" Processing Two Vulnerabilities Message-ID: <201006011726.o51HQmbu015274@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: sblim-sfcb "Content-Length" Processing Two Vulnerabilities SECUNIA ADVISORY ID: SA40018 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40018/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40018 RELEASE DATE: 2010-06-01 DISCUSS ADVISORY: http://secunia.com/advisories/40018/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40018/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40018 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in sblim-sfcb, which can be exploited by malicious people to potentially compromise a vulnerable system. 1) A vulnerability is caused due to the "getPayload()" function in httpAdapter.c not properly verifying the size value provided via the "Content-Length" header. This can be exploited to cause a heap-based buffer overflow via specially crafted HTTP requests. 2) A vulnerability is caused due to a an integer overflow within the "getPayload()" function in httpAdapter.c when receiving an overly large size via the "Content-Length" header. This can be exploited to cause a heap-based buffer overflow via specially crafted HTTP requests. Successful exploitation requires that the "httpMaxContentLength" configuration setting is set to e.g. 0. SOLUTION: Update to version 1.3.8. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: 1) http://sourceforge.net/tracker/index.php?func=detail&aid=3001896&group_id=128809&atid=712784 http://sblim.cvs.sourceforge.net/viewvc/sblim/sfcb/httpAdapter.c?r1=1.84&r2=1.85 2) http://sourceforge.net/tracker/index.php?func=detail&aid=3001915&group_id=128809&atid=712784 http://sblim.cvs.sourceforge.net/viewvc/sblim/sfcb/httpAdapter.c?r1=1.85&r2=1.86 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 1 11:26:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 1 Jun 2010 20:26:59 +0200 Subject: [SEC] [SA39989] Fedora update for liboggz Message-ID: <201006011826.o51IQxTF005325@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Fedora update for liboggz SECUNIA ADVISORY ID: SA39989 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39989/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39989 RELEASE DATE: 2010-06-01 DISCUSS ADVISORY: http://secunia.com/advisories/39989/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39989/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39989 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for liboggz. This fixes some vulnerabilities, which can be exploited to cause a DoS (Denial of Service) or potentially compromise an application using the library. For more information see vulnerability #9 in: SA36711 SOLUTION: Apply updated packages using the yum utility ("yum update liboggz"). ORIGINAL ADVISORY: FEDORA-2010-9253: http://lists.fedoraproject.org/pipermail/package-announce/2010-May/042175.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 1 12:26:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 1 Jun 2010 21:26:43 +0200 Subject: [SEC] [SA39999] Graviton Mediatech Visitor Logger "VL_include_path" Local File Inclusion Message-ID: <201006011926.o51JQhkV027767@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Graviton Mediatech Visitor Logger "VL_include_path" Local File Inclusion SECUNIA ADVISORY ID: SA39999 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39999/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39999 RELEASE DATE: 2010-06-01 DISCUSS ADVISORY: http://secunia.com/advisories/39999/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39999/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39999 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Graviton Mediatech Visitor Logger, which can be exploited by malicious people to disclose sensitive information. Input passed to the "VL_include_path" parameter in banned.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation requires that "register_globals" is enabled and "magic_quotes_gpc" is disabled. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: bd0rk OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 1 13:37:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 1 Jun 2010 22:37:07 +0200 Subject: [SEC] [SA39991] Fedora update for kernel Message-ID: <201006012037.o51Kb78t005053@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Fedora update for kernel SECUNIA ADVISORY ID: SA39991 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39991/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39991 RELEASE DATE: 2010-06-01 DISCUSS ADVISORY: http://secunia.com/advisories/39991/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39991/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39991 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and potentially gain escalated privileges. 1) A race condition within the "find_keyring_by_name()" function in security/keys/keyring.c can be exploited to access freed memory and e.g. cause a system panic. 2) The "btrfs_ioctl_clone()" function in fs/btrfs/ioctl.c does not properly check a user's read access to the source file before cloning the file, which can be exploited to e.g. disclose sensitive information. SOLUTION: Apply updated packages using the yum utility ("yum update kernel"). PROVIDED AND/OR DISCOVERED BY: Red Hat credits: 1) Toshiyuki Okajima 2) Dan Rosenberg ORIGINAL ADVISORY: FEDORA-2010-9183: http://lists.fedoraproject.org/pipermail/package-announce/2010-May/042224.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 1 13:37:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 1 Jun 2010 22:37:07 +0200 Subject: [SEC] [SA40008] JustSystems Ichitaro Character Attributes Processing Vulnerability Message-ID: <201006012037.o51Kb7pF005064@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: JustSystems Ichitaro Character Attributes Processing Vulnerability SECUNIA ADVISORY ID: SA40008 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40008/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40008 RELEASE DATE: 2010-06-01 DISCUSS ADVISORY: http://secunia.com/advisories/40008/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40008/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40008 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in JustSystems Ichitaro, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error when processing character attributes and can be exploited to potentially execute arbitrary code via specially crafted documents. SOLUTION: Update to a fixed version if available. Please see the vendor's advisory for details. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: JustSystems: http://www.justsystems.com/jp/info/js10002.html JVN: http://jvn.jp/en/jp/JVN17293765/index.html http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000024.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 1 14:21:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 1 Jun 2010 23:21:04 +0200 Subject: [SEC] [SA39990] Fedora update for httpd Message-ID: <201006012121.o51LL458027342@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Fedora update for httpd SECUNIA ADVISORY ID: SA39990 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39990/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39990 RELEASE DATE: 2010-06-01 DISCUSS ADVISORY: http://secunia.com/advisories/39990/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39990/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39990 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: This fixes some vulnerabilities, which can be exploited by malicious people to gain access to potentially sensitive information and cause a DoS (Denial of Service). For more information: SA38776 SOLUTION: Apply updated packages using the yum utility ("yum update httpd"). ORIGINAL ADVISORY: FEDORA-2010-6055: http://lists.fedoraproject.org/pipermail/package-announce/2010-May/042195.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 2 10:28:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Jun 2010 19:28:13 +0200 Subject: [SEC] [SA39948] F5 BIG-IP Multiple Vulnerabilities Message-ID: <201006021728.o52HSDas005009@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: F5 BIG-IP Multiple Vulnerabilities SECUNIA ADVISORY ID: SA39948 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39948/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39948 RELEASE DATE: 2010-06-02 DISCUSS ADVISORY: http://secunia.com/advisories/39948/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39948/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39948 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in F5 BIG-IP, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. For more information: SA38080 SA38807 SOLUTION: Apply the updates or update to the latest version. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: F5: https://support.f5.com/kb/en-us/solutions/public/11000/500/sol11533.html https://support.f5.com/kb/en-us/solutions/public/11000/500/sol11504.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 2 11:27:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Jun 2010 20:27:13 +0200 Subject: [SEC] [SA39988] EvoCam Web Server Buffer Overflow Vulnerability Message-ID: <201006021827.o52IRDCU027421@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: EvoCam Web Server Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA39988 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39988/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39988 RELEASE DATE: 2010-06-02 DISCUSS ADVISORY: http://secunia.com/advisories/39988/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39988/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39988 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in EvoCam, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the included web server when processing HTTP requests. This can be exploited to cause a stack-based buffer overflow via e.g. an overly long GET request. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 3.6.6 and 3.6.7. Prior versions may also be affected. SOLUTION: Update to version 3.6.8. PROVIDED AND/OR DISCOVERED BY: d1dn0t OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 2 12:26:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Jun 2010 21:26:58 +0200 Subject: [SEC] [SA39933] F5 ARX OpenSSL Denial of Service Vulnerability Message-ID: <201006021926.o52JQwPp017452@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: F5 ARX OpenSSL Denial of Service Vulnerability SECUNIA ADVISORY ID: SA39933 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39933/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39933 RELEASE DATE: 2010-06-02 DISCUSS ADVISORY: http://secunia.com/advisories/39933/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39933/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39933 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in F5 ARX, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to the use of vulnerable OpenSSL code. For more information: SA38807 The vulnerability is reported in version 5.0.1 through 5.0.6. SOLUTION: Update to version 5.1.5. ORIGINAL ADVISORY: https://support.f5.com/kb/en-us/solutions/public/11000/500/sol11533.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 2 13:27:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Jun 2010 22:27:38 +0200 Subject: [SEC] [SA39993] Gentoo update for freetype Message-ID: <201006022027.o52KRcRD007532@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Gentoo update for freetype SECUNIA ADVISORY ID: SA39993 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39993/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39993 RELEASE DATE: 2010-06-02 DISCUSS ADVISORY: http://secunia.com/advisories/39993/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39993/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39993 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for freetype. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise applications using the library. For more information: SA20100 SA25350 SOLUTION: Update to "media-libs/freetype-1.4_pre20080316-r2" or later. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: GLSA 201006-01: http://www.gentoo.org/security/en/glsa/glsa-201006-01.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 2 14:22:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Jun 2010 23:22:08 +0200 Subject: [SEC] [SA39962] Gentoo update for silc-toolkit and silc-client Message-ID: <201006022122.o52LM8w1029734@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Gentoo update for silc-toolkit and silc-client SECUNIA ADVISORY ID: SA39962 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39962/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39962 RELEASE DATE: 2010-06-02 DISCUSS ADVISORY: http://secunia.com/advisories/39962/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39962/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39962 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for silc-toolkit and silc-client. This fixes multiple vulnerabilities that can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA36134 SA36625 SOLUTION: Update to "net-im/silc-toolkit-1.1.10" or later or "net-im/silc-client-1.1.8" or later. ORIGINAL ADVISORY: GLSA 201006-07 http://www.gentoo.org/security/en/glsa/glsa-201006-07.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 2 14:46:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Jun 2010 23:46:28 +0200 Subject: [SEC] [SA39992] Gentoo update for camlimages Message-ID: <201006022146.o52LkS80018262@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Gentoo update for camlimages SECUNIA ADVISORY ID: SA39992 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39992/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39992 RELEASE DATE: 2010-06-02 DISCUSS ADVISORY: http://secunia.com/advisories/39992/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39992/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39992 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for camlimages. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. The vulnerabilities are caused due to integer overflows within the "read_png_file()" and "read_png_file_as_rgb24()" functions, and in gifread.c, jpegread.c, and tiffread.c. These can be exploited to cause heap-based buffer overflows when processing specially crafted PNG, GIF, JPEG, or TIFF images. SOLUTION: Update to dev-ml/camlimages-3.0.2. ORIGINAL ADVISORY: GLSA 201006-02: http://www.gentoo.org/security/en/glsa/glsa-201006-02.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 2 15:10:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Jun 2010 00:10:06 +0200 Subject: [SEC] [SA40005] Gentoo update for imagemagick Message-ID: <201006022210.o52MA64R006693@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Gentoo update for imagemagick SECUNIA ADVISORY ID: SA40005 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40005/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40005 RELEASE DATE: 2010-06-02 DISCUSS ADVISORY: http://secunia.com/advisories/40005/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40005/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40005 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for imagemagick. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise the user's system. For more information: SA35216 SOLUTION: Update to "media-gfx/imagemagick-6.5.2.9" or later. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: GLSA 201006-03: http://www.gentoo.org/security/en/glsa/glsa-201006-03.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 2 15:24:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Jun 2010 00:24:25 +0200 Subject: [SEC] [SA39998] Accoria Rock Web Server Multiple Vulnerabilities Message-ID: <201006022224.o52MOPIR027070@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Accoria Rock Web Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA39998 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39998/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39998 RELEASE DATE: 2010-06-03 DISCUSS ADVISORY: http://secunia.com/advisories/39998/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39998/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39998 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ilja van Sprundel has discovered some vulnerabilities in Accoria Rock Web Server, which can be exploited by malicious people to conduct brute force attacks, cross-site scripting attacks, and cross-site request forgery attacks. 1) Input passed to the "desc" parameter in loadstatic.cgi, to the "name" parameter in httpdcfg.cgi (if "type" is set to "4"), and to the "dns" parameter in servercfg.cgi of the administrative interface is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. create an arbitrary user with administrative privileges if a logged-in administrative user visits a malicious web site. 3) The administrative interface generates predictable session cookies, which can be exploited to e.g. bypass the authentication by brute-forcing a valid session cookie. Note: A format string error within authcfg.cgi is also reported. The vulnerabilities are reported in version 1.4.7 (for Solaris) confirmed in version 1.5.1 (for Linux). SOLUTION: Use another product. PROVIDED AND/OR DISCOVERED BY: Ilja van Sprundel, IOActive ORIGINAL ADVISORY: http://www.ioactive.com/pdfs/AccoriaWebServer.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 2 15:44:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Jun 2010 00:44:27 +0200 Subject: [SEC] [SA39949] Gentoo update for xine-lib Message-ID: <201006022244.o52MiRmr015322@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Gentoo update for xine-lib SECUNIA ADVISORY ID: SA39949 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39949/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39949 RELEASE DATE: 2010-06-03 DISCUSS ADVISORY: http://secunia.com/advisories/39949/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39949/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39949 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for xine-lib. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise the user's system. For more information: SA31502 SA31567 SA33936 SA34593 SOLUTION: Update to "media-libs/xine-lib-1.1.16.3" or later. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: GLSA 201006-04: http://www.gentoo.org/security/en/glsa/glsa-201006-04.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 2 16:10:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Jun 2010 01:10:19 +0200 Subject: [SEC] [SA39926] Gentoo update for multipath-tools Message-ID: <201006022310.o52NAJf8003838@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Gentoo update for multipath-tools SECUNIA ADVISORY ID: SA39926 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39926/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39926 RELEASE DATE: 2010-06-03 DISCUSS ADVISORY: http://secunia.com/advisories/39926/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39926/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39926 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issues an update for multipath-tools. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions. A security issue is caused due to the "/var/run/multipathd.sock" being world-writable, which can be exploited to e.g. send arbitrary commands to the multipath daemon. SOLUTION: Update to "sys-fs/multipath-tools-0.4.8-r1" or later. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: GLSA 201006-10: http://www.gentoo.org/security/en/glsa/glsa-201006-10.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 2 16:24:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Jun 2010 01:24:38 +0200 Subject: [SEC] [SA40011] TCExam Arbitrary File Upload Vulnerability Message-ID: <201006022324.o52NOcZa024223@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: TCExam Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA40011 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40011/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40011 RELEASE DATE: 2010-06-03 DISCUSS ADVISORY: http://secunia.com/advisories/40011/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40011/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40011 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered a vulnerability in TCExam, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the admin/code/tce_functions_tcecode_editor.php script allowing the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to upload arbitrary files inside the webroot and e.g. execute arbitrary PHP code. The vulnerability is confirmed in version 10.1.007. Other versions may also be affected. SOLUTION: Restrict access to the admin/code/tce_functions_tcecode_editor.php script (e.g. via .htaccess). PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://cross-site-scripting.blogspot.com/2010/06/tcexam-101006-arbitrary-upload.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 2 16:44:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Jun 2010 01:44:47 +0200 Subject: [SEC] [SA40030] LightNEasy Multiple Script Insertion Vulnerabilities Message-ID: <201006022344.o52NilpN012478@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: LightNEasy Multiple Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA40030 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40030/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40030 RELEASE DATE: 2010-06-03 DISCUSS ADVISORY: http://secunia.com/advisories/40030/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40030/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40030 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in LightNEasy, which can be exploited by malicious people to conduct script insertion vulnerabilities. For more information see vulnerability #1 in: SA35354 The vulnerabilities are confirmed in version 3.1.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Originally reported in LightNEasy (SQLite) 2.x and LightNEasy (no database) 2.x by InterN0T. Additional information about version LightNEasy 3.x provided by High-Tech Bridge SA. ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/stored_xss_vulnerability_in_lightneasy_cms.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 2 17:10:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Jun 2010 02:10:26 +0200 Subject: [SEC] [SA40013] Ecomat CMS Cross-Site Scripting and SQL Injection Vulnerabilities Message-ID: <201006030010.o530AQIK000921@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Ecomat CMS Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA40013 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40013/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40013 RELEASE DATE: 2010-06-03 DISCUSS ADVISORY: http://secunia.com/advisories/40013/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40013/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40013 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has reported two vulnerabilities in Ecomat CMS, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed to the "lang" parameter in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "show" parameter to index.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in version 5.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: High-Tech Bridge SA (HTB22390 and HTB22391): http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_ecomat_cms.html http://www.htbridge.ch/advisory/xss_vulnerability_in_ecomat_cms.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 2 17:22:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Jun 2010 02:22:23 +0200 Subject: [SEC] [SA39927] Gentoo update for BIND Message-ID: <201006030022.o530MNfq021272@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Gentoo update for BIND SECUNIA ADVISORY ID: SA39927 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39927/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39927 RELEASE DATE: 2010-06-03 DISCUSS ADVISORY: http://secunia.com/advisories/39927/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39927/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39927 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for BIND. This fixes some vulnerabilities, which can be exploited by malicious people to poison the DNS cache. For more information: SA38219 SOLUTION: Update to "net-dns/bind-9.4.3_p5" or later. ORIGINAL ADVISORY: GLSA 201006-11: http://www.gentoo.org/security/en/glsa/glsa-201006-11.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 2 17:43:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Jun 2010 02:43:10 +0200 Subject: [SEC] [SA39955] Gentoo update for wireshark Message-ID: <201006030043.o530hAKK009563@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Gentoo update for wireshark SECUNIA ADVISORY ID: SA39955 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39955/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39955 RELEASE DATE: 2010-06-03 DISCUSS ADVISORY: http://secunia.com/advisories/39955/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39955/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39955 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a user's system. For more information: SA37842 SA39661 SOLUTION: Update to "net-analyzer/wireshark-1.2.8-r1" or later. ORIGINAL ADVISORY: GLSA 201006-05: http://www.gentoo.org/security/en/glsa/glsa-201006-05.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 2 17:55:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Jun 2010 02:55:07 +0200 Subject: [SEC] [SA39984] Gentoo update for nano Message-ID: <201006030055.o530t7GQ029829@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Gentoo update for nano SECUNIA ADVISORY ID: SA39984 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39984/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39984 RELEASE DATE: 2010-06-03 DISCUSS ADVISORY: http://secunia.com/advisories/39984/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39984/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39984 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for nano. This fixes two security issues, which can be exploited by malicious, local users to perform certain actions with escalated privileges. For more information: SA39444 SOLUTION: Update to "app-editors/nano-2.2.4" or greater. ORIGINAL ADVISORY: GLSA 201006-08: http://www.gentoo.org/security/en/glsa/glsa-201006-08.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 2 18:08:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Jun 2010 03:08:03 +0200 Subject: [SEC] [SA39994] HP-UX update for JRE / JDK Message-ID: <201006030108.o53183wN017769@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: HP-UX update for JRE / JDK SECUNIA ADVISORY ID: SA39994 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39994/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39994 RELEASE DATE: 2010-06-03 DISCUSS ADVISORY: http://secunia.com/advisories/39994/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39994/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39994 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: HP has issued an update for JRE / JDK. This fixes some vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, disclose potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system. For more information: SA37255 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02122104 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 2 18:22:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Jun 2010 03:22:49 +0200 Subject: [SEC] [SA40029] e-Pares Multiple Vulnerabilities Message-ID: <201006030122.o531MnYa005785@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: e-Pares Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40029 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40029/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40029 RELEASE DATE: 2010-06-03 DISCUSS ADVISORY: http://secunia.com/advisories/40029/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40029/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40029 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in e-Pares, which can be exploited by malicious people to conduct cross-site scripting, cross-site request forgery, and session fixation attacks. 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. This vulnerability is reported in version V01 and L01. 2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. modify unspecified booking facilities data. This vulnerability is reported in version V01, L01, L03, L10, L20, L30, and L40. 3) The vulnerability is caused due to an error in the handling of sessions and can be exploited to hijack another user's session by tricking the user into logging in after following a specially crafted link. This vulnerability is reported in version V01, L01, L03, L10, L20, and L30. SOLUTION: Reportedly a patch has been released. Contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: Reported by Mr. Yamaya Akira of Mitsui Bussan Secure Directions, Inc. via JVN. ORIGINAL ADVISORY: JVN: http://jvn.jp/jp/JVN36925871/index.html http://jvn.jp/jp/JVN58439007/index.html http://jvn.jp/jp/JVN82465391/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 2 18:43:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Jun 2010 03:43:08 +0200 Subject: [SEC] [SA39995] Kerio Products Administration Console Unspecified Vulnerability Message-ID: <201006030143.o531h8Hg026436@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Kerio Products Administration Console Unspecified Vulnerability SECUNIA ADVISORY ID: SA39995 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39995/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39995 RELEASE DATE: 2010-06-03 DISCUSS ADVISORY: http://secunia.com/advisories/39995/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39995/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39995 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Kerio MailServer and Kerio WinRoute Firewall, which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data. The vulnerability is caused due to an unspecified error within the Administration Console, which can be exploited to read or corrupt arbitrary files on the server by changing the product's configuration. Successful exploitation requires full administration permissions. The vulnerability is reported in the following versions: * Kerio MailServer up to version 6.7.3. * Kerio WinRoute Firewall up to version 6.7.1 patch2. SOLUTION: Upgrade to Kerio Connect version 7.0.0 or higher and Kerio Control version 7.0.0 or higher. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Ji-Gang Wang. ORIGINAL ADVISORY: KSEC-2010-06-01-01: http://www.kerio.com/support/security-advisories#1006 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 2 18:55:15 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Jun 2010 03:55:15 +0200 Subject: [SEC] [SA39928] Gentoo update for fetchmail Message-ID: <201006030155.o531tFEm014323@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Gentoo update for fetchmail SECUNIA ADVISORY ID: SA39928 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39928/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39928 RELEASE DATE: 2010-06-03 DISCUSS ADVISORY: http://secunia.com/advisories/39928/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39928/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39928 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for fetchmail. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks or potentially compromise a vulnerable system. For more information: SA38391 SA36179 SOLUTION: Update to "net-mail/fetchmail-6.3.14" or later. ORIGINAL ADVISORY: GLSA 201006-12: http://www.gentoo.org/security/en/glsa/glsa-201006-12.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 2 19:08:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Jun 2010 04:08:58 +0200 Subject: [SEC] [SA40000] OpenSSL Cryptographic Message Syntax "OriginatorInfo" Vulnerability Message-ID: <201006030208.o5328wDa002762@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: OpenSSL Cryptographic Message Syntax "OriginatorInfo" Vulnerability SECUNIA ADVISORY ID: SA40000 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40000/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40000 RELEASE DATE: 2010-06-03 DISCUSS ADVISORY: http://secunia.com/advisories/40000/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40000/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40000 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in OpenSSL, which can be exploited by malicious people to potentially compromise an application using the library. The vulnerability is caused due to an error when handling CMS (Cryptographic Message Syntax) structures. This can be exploited to trigger a write to an invalid memory address or a double-free via a specially crafted CMS structure containing an "OriginatorInfo" element. Successful exploitation may allow execution of arbitrary code, but requires that CMS is enabled (disabled by default in 0.9.x). The vulnerability is reported in versions 0.9.8h and later. SOLUTION: Update to version 0.9.8o. PROVIDED AND/OR DISCOVERED BY: The vendor credits Ronald Moesbergen. ORIGINAL ADVISORY: http://www.openssl.org/news/secadv_20100601.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 2 19:21:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Jun 2010 04:21:04 +0200 Subject: [SEC] [SA39996] Red Hat update for rhn-client-tools Message-ID: <201006030221.o532L4pG023065@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Red Hat update for rhn-client-tools SECUNIA ADVISORY ID: SA39996 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39996/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39996 RELEASE DATE: 2010-06-03 DISCUSS ADVISORY: http://secunia.com/advisories/39996/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39996/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39996 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for rhn-client-tools. This fixes a security issue, which can be exploited by malicious, local users to disclose sensitive information and manipulate certain data. The security issue is caused due to the rhn-client-tools setting insecure permissions on "/var/spool/up2date/loginAuth.pkl". This can be exploited to disclose credentials for connecting to the Red Hat Network servers and manipulate package or action lists associated with the system's profile. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: RHSA-2010:0449-1: https://rhn.redhat.com/errata/RHSA-2010-0449.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 2 19:42:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Jun 2010 04:42:01 +0200 Subject: [SEC] [SA39959] Gentoo update for transmission Message-ID: <201006030242.o532g1Q4011351@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Gentoo update for transmission SECUNIA ADVISORY ID: SA39959 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39959/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39959 RELEASE DATE: 2010-06-03 DISCUSS ADVISORY: http://secunia.com/advisories/39959/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39959/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39959 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for transmission. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA39031 SOLUTION: Update to "net-p2p/transmission-1.92" or later. ORIGINAL ADVISORY: GLSA 201006-06: http://www.gentoo.org/security/en/glsa/glsa-201006-06.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 2 19:53:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Jun 2010 04:53:58 +0200 Subject: [SEC] [SA40024] OpenSSL Two Vulnerabilities Message-ID: <201006030253.o532rwYZ031619@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: OpenSSL Two Vulnerabilities SECUNIA ADVISORY ID: SA40024 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40024/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40024 RELEASE DATE: 2010-06-03 DISCUSS ADVISORY: http://secunia.com/advisories/40024/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40024/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40024 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in OpenSSL, which potentially can be exploited by malicious people to compromise an application using the library or to conduct spoofing attacks. 1) An error when handling CMS (Cryptographic Message Syntax) structures can be exploited to potentially execute arbitrary code. For more information: SA40000 2) An uninitialised buffer is returned instead of an error code when the verification recovery process fails. This can be exploited to potentially bypass key validation in applications using "EVP_PKEY_verify_recover()". The vulnerabilities are reported in version 1.0.0. SOLUTION: Update to version 1.0.0a. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Ronald Moesbergen 2) Peter-Michael Hager ORIGINAL ADVISORY: http://www.openssl.org/news/secadv_20100601.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 2 20:06:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Jun 2010 05:06:51 +0200 Subject: [SEC] [SA39852] CompleteFTP Server Two Vulnerabilities Message-ID: <201006030306.o5336psQ019555@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: CompleteFTP Server Two Vulnerabilities SECUNIA ADVISORY ID: SA39852 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39852/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39852 RELEASE DATE: 2010-06-03 DISCUSS ADVISORY: http://secunia.com/advisories/39852/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39852/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39852 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in CompleteFTP, which can be exploited by malicious users to bypass certain security restrictions and compromise a vulnerable system. 1) An input validation error in the FTP service can be exploited to download or replace arbitrary files placed in a directory above the FTP root by prepending a ".../" sequence to the filename. 2) An input validation error in the FTP service allows to change the current working directory to an arbitrary directory on the filesystem by specifying an absolute path. This can be exploited to download or replace arbitrary files in arbitrary directories on the local file system. The vulnerabilities are confirmed in version 4.0.2. Prior versions may also be affected. SOLUTION: Update to version 4.0.3. PROVIDED AND/OR DISCOVERED BY: Reported by Sow Ching Shiong via Secunia. ORIGINAL ADVISORY: Enterprise Distributed Technologies: http://www.enterprisedt.com/products/completeftp/history.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 2 20:20:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Jun 2010 05:20:51 +0200 Subject: [SEC] [SA39985] Gentoo update for sudo Message-ID: <201006030320.o533KpeL007530@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Gentoo update for sudo SECUNIA ADVISORY ID: SA39985 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39985/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39985 RELEASE DATE: 2010-06-03 DISCUSS ADVISORY: http://secunia.com/advisories/39985/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39985/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39985 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for sudo. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA39384 SOLUTION: Update to "app-admin/sudo-1.7.2_p6" or later. ORIGINAL ADVISORY: GLSA 201006-09: http://www.gentoo.org/security/en/glsa/glsa-201006-09.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 3 10:27:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Jun 2010 19:27:54 +0200 Subject: [SEC] [SA40045] HP ServiceCenter Unspecified Cross-Site Scripting Vulnerability Message-ID: <201006031727.o53HRsEh026464@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: HP ServiceCenter Unspecified Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA40045 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40045/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40045 RELEASE DATE: 2010-06-03 DISCUSS ADVISORY: http://secunia.com/advisories/40045/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40045/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40045 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP ServiceCenter, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions running on AIX, HP-UX, Linux, Solaris, and Windows. SOLUTION: Apply patch HPSC_00202 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02538 SSRT100136: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02076821 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 3 11:27:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Jun 2010 20:27:54 +0200 Subject: [SEC] [SA40043] MoinMoin "template" Cross-Site Scripting Vulnerability Message-ID: <201006031827.o53IRsha016519@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: MoinMoin "template" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA40043 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40043/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40043 RELEASE DATE: 2010-06-03 DISCUSS ADVISORY: http://secunia.com/advisories/40043/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40043/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40043 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in MoinMoin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "template" parameter while editing a non-existing user is not properly sanitised before being returned to the user in PageEditor.py. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions 1.9.2 and prior. SOLUTION: Fixed in the source code repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 3 12:28:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Jun 2010 21:28:02 +0200 Subject: [SEC] [SA40042] HP-UX update for Apache Message-ID: <201006031928.o53JS2UL006582@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: HP-UX update for Apache SECUNIA ADVISORY ID: SA40042 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40042/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40042 RELEASE DATE: 2010-06-03 DISCUSS ADVISORY: http://secunia.com/advisories/40042/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40042/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40042 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: HP has issued an update for Apache in HP-UX. This fixes multiple vulnerabilities, which can be exploited by malicious people to gain access to potentially sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service). For more information: SA36549 SA36675 SA38776 SA38807 The vulnerabilities are reported in the following products: * HP-UX B.11.23 and B.11.31 running Apache-based Web Server versions prior to 2.2.8.09. * HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server versions prior to 2.0.59.15 SOLUTION: Apply fixes. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: HPSBUX02531 SSRT100108: https://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02160663 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 3 13:28:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Jun 2010 22:28:16 +0200 Subject: [SEC] [SA40046] Gentoo update for gd Message-ID: <201006032028.o53KSGmc029032@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Gentoo update for gd SECUNIA ADVISORY ID: SA40046 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40046/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40046 RELEASE DATE: 2010-06-03 DISCUSS ADVISORY: http://secunia.com/advisories/40046/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40046/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40046 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for gd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. For more information: SA37069 SOLUTION: Update to "media-libs/gd-2.0.35-r1" or later. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: GLSA 201006-16: http://www.gentoo.org/security/en/glsa/glsa-201006-16.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 3 14:22:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Jun 2010 23:22:18 +0200 Subject: [SEC] [SA40047] Gentoo update for xemacs Message-ID: <201006032122.o53LMIcM018816@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Gentoo update for xemacs SECUNIA ADVISORY ID: SA40047 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40047/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40047 RELEASE DATE: 2010-06-03 DISCUSS ADVISORY: http://secunia.com/advisories/40047/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40047/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40047 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for xemacs. This fixes multiple vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system. For more information: SA35348 SOLUTION: Update to "app-editors/xemacs-21.4.22-r1" or later. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: GLSA 201006-15: http://www.gentoo.org/security/en/glsa/glsa-201006-15.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 3 14:47:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Jun 2010 23:47:06 +0200 Subject: [SEC] [SA40048] Gentoo update for lighttpd Message-ID: <201006032147.o53Ll6UZ007367@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Gentoo update for lighttpd SECUNIA ADVISORY ID: SA40048 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40048/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40048 RELEASE DATE: 2010-06-03 DISCUSS ADVISORY: http://secunia.com/advisories/40048/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40048/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40048 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for lighttpd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA38403 SOLUTION: Update to "www-servers/lighttpd-1.4.25-r1" or later. ORIGINAL ADVISORY: GLSA 201006-17: http://www.gentoo.org/security/en/glsa/glsa-201006-17.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 3 15:09:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Jun 2010 00:09:33 +0200 Subject: [SEC] [SA40031] CMS Made Simple Cross-Site Request Forgery Vulnerability Message-ID: <201006032209.o53M9Xvh028122@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: CMS Made Simple Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA40031 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40031/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40031 RELEASE DATE: 2010-06-03 DISCUSS ADVISORY: http://secunia.com/advisories/40031/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40031/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40031 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in CMS Made Simple, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. change group permissions or change the administrative password by tricking a logged in administrative user into visiting a malicious web site. The vulnerability is confirmed in version 1.7.1. Other versions may also be affected. SOLUTION: Do not browse untrusted websites or follow untrusted links while logged in to the application. PROVIDED AND/OR DISCOVERED BY: Truong Thao Nguyen, Do Hoang Bach, and Cao Xuan Sang, Bkis. ORIGINAL ADVISORY: http://security.bkis.com/multiple-vulnerabilities-in-cms-made-simple/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 3 15:23:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Jun 2010 00:23:21 +0200 Subject: [SEC] [SA40041] Novell eDirectory Multiple Vulnerabilities Message-ID: <201006032223.o53MNLIu016084@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Novell eDirectory Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40041 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40041/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40041 RELEASE DATE: 2010-06-04 DISCUSS ADVISORY: http://secunia.com/advisories/40041/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40041/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40041 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Novell eDirectory, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. 1) An unspecified error in NDSD when processing malformed verbs can be exploited to cause a crash. 2) A boundary error in dhost.exe can be exploited to cause a buffer overflow via a specially crafted GET request. 3) An unspecified error can be exploited to cause Dhost to crash e.g. by running a certain security scan against the server. The vulnerabilities are reported in versions prior to 8.8 SP5 Patch 4. SOLUTION: Update to version 8.8 SP5 Patch 4. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits ZDI. 2) HACKATTACK 3) Reported by the vendor. ORIGINAL ADVISORY: Novell: http://www.novell.com/support/viewContent.do?externalId=3426981 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5076150.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5076151.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 3 15:44:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Jun 2010 00:44:30 +0200 Subject: [SEC] [SA40001] F5 Enterprise Manager OpenSSL Denial of Service Message-ID: <201006032244.o53MiUNk004382@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: F5 Enterprise Manager OpenSSL Denial of Service SECUNIA ADVISORY ID: SA40001 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40001/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40001 RELEASE DATE: 2010-06-04 DISCUSS ADVISORY: http://secunia.com/advisories/40001/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40001/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40001 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in F5 Enterprise Manager, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to the use of vulnerable OpenSSL code. For more information: SA38807 The vulnerability is reported in version 2.0. Reportedly, version 1.x is not affected. SOLUTION: Restrict TLS connections to an affected device. ORIGINAL ADVISORY: https://support.f5.com/kb/en-us/solutions/public/11000/500/sol11533.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 3 16:10:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Jun 2010 01:10:05 +0200 Subject: [SEC] [SA39680] TomatoCMS Multiple Vulnerabilities Message-ID: <201006032310.o53NA5cR025288@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: TomatoCMS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA39680 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39680/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39680 RELEASE DATE: 2010-06-04 DISCUSS ADVISORY: http://secunia.com/advisories/39680/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39680/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39680 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in TomatoCMS, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) Input passed via the "keyword" and "bannerid" parameters to index.php/admin/ad/banner/list is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in the users browser in context of the affected site. 2) Input passed via the "title" and "answers" parameters to index.php/admin/poll/add is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires "Create new poll" permissions. 3) Input passed via the "name" parameter to index.php/admin/category/add is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires "Create new category" permissions. 4) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the administrative password by tricking a logged-in administrative user into visiting a malicious web site. 5) Input passed via the "keyword" and "article-id" parameters to index.php/admin/news/article/list, the "keyword" parameter to index.php/admin/multimedia/set/list, the "keyword" and "fileId" parameters to index.php/admin/multimedia/file/list, and the "name", "email", and "address" parameters to index.php/admin/ad/client/list is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in the users browser in context of the affected site. 6) An error exists in the validation of uploaded image files while adding a new article. This can be exploited to upload arbitrary files inside the webroot and e.g. execute arbitrary PHP code. Successful exploitation of this vulnerability requires "Add new article", "Upload file to server", and "Browse uploaded files" permissions. The vulnerabilities are confirmed in version 2.0.6. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Do not browse untrusted websites or follow untrusted links while logged in to the application. Grant only trusted users "Add new article", "Upload file to server", and "Browse uploaded files" permissions. PROVIDED AND/OR DISCOVERED BY: 1 - 4) Reported by Russ McRee, HolisticInfoSec via Secunia. 5, 6) Secunia Research. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2010-57/ http://secunia.com/secunia_research/2010-58/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 3 16:24:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Jun 2010 01:24:02 +0200 Subject: [SEC] [SA40012] Ubuntu update for linux and linux-source-2.6.15 Message-ID: <201006032324.o53NO280013249@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux and linux-source-2.6.15 SECUNIA ADVISORY ID: SA40012 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40012/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40012 RELEASE DATE: 2010-06-04 DISCUSS ADVISORY: http://secunia.com/advisories/40012/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40012/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40012 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux and linux-source-2.6.15. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially gain escalated privileges, and by malicious, local users in a KVM guest to cause a DoS and potentially gain escalated privileges, and by malicious people to cause a DoS. For more information: SA35265 SA38499 SA38594 SA38601 SA38718 SA39316 SA39344 SA39490 1) A vulnerability is caused due to an error within the handling of protected Virtual Dynamically-linked Shared Object pages during a segfault of a 32-bit process on a 64-bit system, which can be exploited to cause a kernel crash. 2) An error within the SCTP implementation can be exploited to cause a kernel crash by sending specially crafted SCTP packets to a vulnerable system. 3) A NULL pointer dereference error within the "ip6_dst_lookup_tail()" function can be exploited to cause a kernel crash by sending specially crafted IPv6 traffic to a vulnerable system. 4) An error exists within the implementation of the GFS2 file system, which can be exploited by malicious, local users to trigger a "BUG()". 5) An error exists within the implementation of the TIPC protocol, which can be exploited by malicious, local users to cause a NULL pointer dereference by sending datagrams through AF_TIPC before entering the network mode. 6) A vulnerability is caused due to a use-after-free error within the "tcp_rcv_state_process()" function, which can be exploited to cause a kernel crash by e.g. sending a specially crafted IPv6 packet to a listening socket with the IPV6_RECVPKTINFO option enabled. Note: CVE-2009-4271, CVE-2010-0008, and CVE-2010-1188 only affect Ubuntu 6.06 LTS. CVE-2010-0298, CVE-2010-0306, CVE-2010-0419, CVE-2010-1084, CVE-2010-1088, and CVE-2010-1187 do not affect Ubuntu 6.06 LTS. CVE-2010-0437 and CVE-2010-0741 only affect Ubuntu 8.04 LTS. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Ubuntu credits: 2) Wei Yongjun 3) Evgeniy Polyakov 4) Sachin Prabhu 5) Neil Horman 5) Masayuki Nakagawa ORIGINAL ADVISORY: USN-947-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-June/001099.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 3 16:44:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Jun 2010 01:44:27 +0200 Subject: [SEC] [SA39860] Horde Groupware / Horde Groupware Webmail Edition Cross-Site Request Forgery Message-ID: <201006032344.o53NiR16001458@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Horde Groupware / Horde Groupware Webmail Edition Cross-Site Request Forgery SECUNIA ADVISORY ID: SA39860 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39860/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39860 RELEASE DATE: 2010-06-04 DISCUSS ADVISORY: http://secunia.com/advisories/39860/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39860/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39860 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Russ McRee has discovered a vulnerability in Horde Groupware and Horde Groupware Webmail Edition, which can be exploited by malicious people to conduct cross-site request forgery attacks. The applications allow users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. change certain settings by tricking a logged-in user into visiting a specially crafted website. The vulnerability is confirmed in Horde Groupware 1.2.6 and Horde Groupware Webmail Edition 1.2.6. Other versions may also be affected. SOLUTION: Do not visit untrusted websites and do not follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: Reported by Russ McRee, HolisticInfoSec via Secunia. ORIGINAL ADVISORY: http://holisticinfosec.org/content/view/145/45/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 3 17:10:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Jun 2010 02:10:25 +0200 Subject: [SEC] [SA40010] Gentoo update for smarty Message-ID: <201006040010.o540AP9G022441@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Gentoo update for smarty SECUNIA ADVISORY ID: SA40010 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40010/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40010 RELEASE DATE: 2010-06-04 DISCUSS ADVISORY: http://secunia.com/advisories/40010/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40010/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40010 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for smarty. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA29241 SA32329 SA35072 SOLUTION: Update to "dev-php/smarty-2.6.23" or later. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: GLSA 201006-13: http://www.gentoo.org/security/en/glsa/glsa-201006-13.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 3 17:22:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Jun 2010 02:22:20 +0200 Subject: [SEC] [SA40006] Gentoo update for newt Message-ID: <201006040022.o540MKxK010329@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Gentoo update for newt SECUNIA ADVISORY ID: SA40006 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40006/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40006 RELEASE DATE: 2010-06-04 DISCUSS ADVISORY: http://secunia.com/advisories/40006/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40006/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40006 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for newt. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the library. For more information: SA36810 SOLUTION: Update to "dev-libs/newt-0.52.10-r1" or later. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: GLSA 201006-14: http://www.gentoo.org/security/en/glsa/glsa-201006-14.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 3 17:42:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Jun 2010 02:42:59 +0200 Subject: [SEC] [SA40032] Beanstalkd "put" Command Job Processing Security Issue Message-ID: <201006040042.o540gx4W030996@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Beanstalkd "put" Command Job Processing Security Issue SECUNIA ADVISORY ID: SA40032 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40032/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40032 RELEASE DATE: 2010-06-04 DISCUSS ADVISORY: http://secunia.com/advisories/40032/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40032/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40032 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Beanstalkd, which potentially can be exploited by malicious people to manipulate certain data. The server fails to properly reject "put" commands defining an overly large job. This can be exploited to potentially inject commands without the cooperation of a client application via specially crafted job payload data. The security issue is reported in versions prior to 1.4.6. SOLUTION: Update to version 1.4.6. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://kr.github.com/beanstalkd/2010/05/23/1.4.6-release-notes.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 3 17:55:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Jun 2010 02:55:07 +0200 Subject: [SEC] [SA40009] SIMM Management System "page" Local File Inclusion Vulnerability Message-ID: <201006040055.o540t7Ys018883@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: SIMM Management System "page" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA40009 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40009/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40009 RELEASE DATE: 2010-06-04 DISCUSS ADVISORY: http://secunia.com/advisories/40009/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40009/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40009 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in SIMM Management System, which can be exploited by malicious people to disclose sensitive information. Input passed to the "page" parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerability is confirmed in version 2.6.10. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: AntiSecurity OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 3 18:08:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Jun 2010 03:08:08 +0200 Subject: [SEC] [SA40028] RPM Package Manager Package Upgrade File Metadata Update Weaknesses Message-ID: <201006040108.o54188Hh006820@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: RPM Package Manager Package Upgrade File Metadata Update Weaknesses SECUNIA ADVISORY ID: SA40028 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40028/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40028 RELEASE DATE: 2010-06-04 DISCUSS ADVISORY: http://secunia.com/advisories/40028/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40028/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40028 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some weaknesses have been reported in RPM Package Manager, which can be exploited by malicious, local users to gain escalated privileges. 1) The application does not properly remove e.g. the setuid and setgid bits from binaries when upgrading a package, which can be exploited to gain escalated privileges by creating hardlinks to the old binary. 2) The application does not properly update the POSIX file capabilities when e.g. erasing or renaming a binary, which can be exploited to keep the previous capabilities by creating hardlinks to the old binary. SOLUTION: Fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Matt McCutchen ORIGINAL ADVISORY: Red Hat Bug #598775: https://bugzilla.redhat.com/show_bug.cgi?id=598775 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 3 18:21:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Jun 2010 03:21:53 +0200 Subject: [SEC] [SA40014] Bftpd Anonymous Account "ROOTDIR" Security Issue Message-ID: <201006040121.o541LrGo027170@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Bftpd Anonymous Account "ROOTDIR" Security Issue SECUNIA ADVISORY ID: SA40014 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40014/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40014 RELEASE DATE: 2010-06-04 DISCUSS ADVISORY: http://secunia.com/advisories/40014/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40014/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40014 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Bftpd, which can be exploited by malicious people to compromise a vulnerable system. The security issue is caused due to the server failing to restrict the anonymous account to the directory specified by the "ROOTDIR" configuration option. This can be exploited to gain read and write access to arbitrary files or directories on an affected system. Successful exploitation requires that the anonymous account is enabled (disabled by default). The security issue is reported in versions prior to 2.9. SOLUTION: Update to version 2.9. PROVIDED AND/OR DISCOVERED BY: The vendor credits Paul Laufer. ORIGINAL ADVISORY: http://bftpd.sourceforge.net/news.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 3 18:42:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Jun 2010 03:42:59 +0200 Subject: [SEC] [SA40002] Sudo "secure path" Security Bypass Security Issue Message-ID: <201006040142.o541gxTD015472@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Sudo "secure path" Security Bypass Security Issue SECUNIA ADVISORY ID: SA40002 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40002/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40002 RELEASE DATE: 2010-06-04 DISCUSS ADVISORY: http://secunia.com/advisories/40002/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40002/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40002 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Sudo, which can be exploited by malicious, local users to bypass certain security restrictions. The security issue is caused due to the "secure path" feature only verifying and restricting the first instance of the "PATH" environment variable, which can be exploited to e.g. run restricted applications by adding a second instance of the "PATH" environment variable. Successful exploitation requires that the "secure path" feature is configured and that the attacker is allowed to run an application, which e.g. uses the last instance of the "PATH" environment variable and does not set "PATH" itself (e.g. GNU Bourne Again SHell). The security issue is reported in versions 1.3.1 through 1.6.9p22 and versions 1.7.0 through 1.7.2p6. SOLUTION: Update to version 1.6.9p23 and 1.7.2p7. PROVIDED AND/OR DISCOVERED BY: The vendor credits Evan Broder and Anders Kaseorg of Ksplice, Inc. ORIGINAL ADVISORY: http://www.sudo.ws/sudo/alerts/secure_path.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 3 18:55:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Jun 2010 03:55:09 +0200 Subject: [SEC] [SA40020] dotDefender Log Viewer Script Insertion Vulnerability Message-ID: <201006040155.o541t9dp003364@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: dotDefender Log Viewer Script Insertion Vulnerability SECUNIA ADVISORY ID: SA40020 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40020/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40020 RELEASE DATE: 2010-06-04 DISCUSS ADVISORY: http://secunia.com/advisories/40020/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40020/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40020 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Sandro Gauci has reported a vulnerability in dotDefender, which can be exploited by malicious people to conduct script insertion attacks. Certain input via HTTP headers is not properly sanitised before being used in the log file viewer. This can be exploited to execute arbitrary HTML and script code in an administrator's browser session in context of an affected site via specially crafted HTTP requests. The vulnerability is reported in versions prior to 4.01-3. SOLUTION: Update to version 4.01-3. PROVIDED AND/OR DISCOVERED BY: Sandro Gauci, EnableSecurity ORIGINAL ADVISORY: http://resources.enablesecurity.com/advisories/ES-20100601-dotdefender4.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 3 19:12:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Jun 2010 04:12:58 +0200 Subject: [SEC] [SA40027] MySQL Enterprise Monitor Cross-Site Request Forgery Message-ID: <201006040212.o542CwiW025554@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: MySQL Enterprise Monitor Cross-Site Request Forgery SECUNIA ADVISORY ID: SA40027 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40027/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40027 RELEASE DATE: 2010-06-04 DISCUSS ADVISORY: http://secunia.com/advisories/40027/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40027/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40027 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in MySQL Enterprise Monitor, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to perform unspecified actions e.g. if a logged-in user visits a specially crafted web site. The vulnerability is reported in versions prior to 2.1.2. SOLUTION: Update to version 2.1.2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://dev.mysql.com/doc/refman/5.1/en/mem-news-2-1-2.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 3 19:42:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Jun 2010 04:42:50 +0200 Subject: [SEC] [SA40044] HP StorageWorks Storage Mirroring Software Unspecified Unauthorised Access Vulnerability Message-ID: <201006040242.o542gofC014253@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: HP StorageWorks Storage Mirroring Software Unspecified Unauthorised Access Vulnerability SECUNIA ADVISORY ID: SA40044 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40044/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40044 RELEASE DATE: 2010-06-04 DISCUSS ADVISORY: http://secunia.com/advisories/40044/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40044/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40044 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP StorageWorks Storage Mirroring Software, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified error and can be exploited to gain unauthorised access. No further information is currently available. The vulnerability is reported in versions prior to 5.2.1.870.0. SOLUTION: Update to version 5.2.1.870.0. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBST02536 SSRT100057: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02056045 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jun 4 10:28:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Jun 2010 19:28:27 +0200 Subject: [SEC] [SA40023] DDLCMS "skin" Local File Inclusion Vulnerability Message-ID: <201006041728.o54HSRH2009171@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: DDLCMS "skin" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA40023 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40023/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40023 RELEASE DATE: 2010-06-04 DISCUSS ADVISORY: http://secunia.com/advisories/40023/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40023/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40023 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in DDLCMS, which can be exploited by malicious people to disclose sensitive information. Input passed to the "skin" parameter in thanks.php is not properly verified before being used to include files. This can be exploited include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation requires that "register_globals" is enabled and "magic_quotes_gpc" is disabled. The vulnerability is confirmed in DDLCMS version version 2.1. Other versions may be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: eidelweiss ORIGINAL ADVISORY: http://eidelweiss-advisories.blogspot.com/2010/06/ddlcms-v21-skin-remote-file-inclusion.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jun 4 11:28:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Jun 2010 20:28:34 +0200 Subject: [SEC] [SA40060] Attachmate Reflection Multiple Vulnerabilities Message-ID: <201006041828.o54ISYkv031620@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Attachmate Reflection Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40060 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40060/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40060 RELEASE DATE: 2010-06-04 DISCUSS ADVISORY: http://secunia.com/advisories/40060/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40060/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40060 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Reflection, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or gain escalated privileges and by malicious people to conduct spoofing attacks. 1) The application supports cryptographically insecure MD2 hash signatures by default, which can be exploited to potentially spoof certificates. 2) An error exists when processing certificate fields containing NULL ('\0') characters. This can be exploited to e.g. conduct Man-in-the-Middle (MitM) attacks via specially crafted certificates. This is related to vulnerability #2 in: SA36093 3) Multiple vulnerabilities in Reflection X can be exploited by malicious, local users to cause a DoS, disclose potentially sensitive information, or gain escalated privileges. For more information: SA28532 SA30627 The vulnerabilities are reported in the following products and versions: * Reflection for HP version 13.0 and later * Reflection for UNIX and OpenVMS version 13.0 and later * Reflection for ReGIS Graphics version 13.0 and later * Reflection for IBM version 13.0 and later * Reflection X version 13.0 and later SOLUTION: Update to version 14.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://support.attachmate.com/techdocs/1708.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jun 4 12:28:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Jun 2010 21:28:07 +0200 Subject: [SEC] [SA40066] Hitachi Web Server SSL Denial of Service Vulnerability Message-ID: <201006041928.o54JS7UY021639@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Hitachi Web Server SSL Denial of Service Vulnerability SECUNIA ADVISORY ID: SA40066 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40066/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40066 RELEASE DATE: 2010-06-04 DISCUSS ADVISORY: http://secunia.com/advisories/40066/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40066/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40066 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Hitachi has acknowledged a vulnerability in Hitachi Web Server, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error within the SSL function when receiving an invalid packet. Further information is currently not available. SOLUTION: Please see the vendor's advisory for fix information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HS10-008: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-008/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jun 4 13:28:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Jun 2010 22:28:21 +0200 Subject: [SEC] [SA40064] eFront Cross-Site Scripting and Cross-Site Request Forgery Message-ID: <201006042028.o54KSL4m011708@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: eFront Cross-Site Scripting and Cross-Site Request Forgery SECUNIA ADVISORY ID: SA40064 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40064/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40064 RELEASE DATE: 2010-06-04 DISCUSS ADVISORY: http://secunia.com/advisories/40064/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40064/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40064 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in eFront, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) Input passed e.g. via the "math_server" parameter to the admin system settings section is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. add administrative users if a logged-in administrative user visits a specially crafted web site. The vulnerabilities are confirmed in version 3.6.3 build 7455. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences in a proxy. Do not visit untrusted web sites or follow links from untrusted sources while being logged-in to the application. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Vupen. Additional information provided by Secunia Research. 2) Ponder Stibbons ORIGINAL ADVISORY: eFront: http://forum.efrontlearning.net/viewtopic.php?f=15&t=2177 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jun 4 14:22:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Jun 2010 23:22:06 +0200 Subject: [SEC] [SA40063] Ubuntu update for gnutls12 Message-ID: <201006042122.o54LM66i001407@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Ubuntu update for gnutls12 SECUNIA ADVISORY ID: SA40063 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40063/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40063 RELEASE DATE: 2010-06-04 DISCUSS ADVISORY: http://secunia.com/advisories/40063/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40063/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40063 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for gnutls12. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a NULL pointer dereference error in the verification of X.509 certificates and can be exploited to cause an application linked against gnutls12 to crash. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-948-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-June/001100.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jun 4 14:45:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Jun 2010 23:45:19 +0200 Subject: [SEC] [SA40067] Hiachi Web Server SSL Client Certificate Revocation List Security Bypass Message-ID: <201006042145.o54LjJNh022253@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Hiachi Web Server SSL Client Certificate Revocation List Security Bypass SECUNIA ADVISORY ID: SA40067 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40067/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40067 RELEASE DATE: 2010-06-04 DISCUSS ADVISORY: http://secunia.com/advisories/40067/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40067/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40067 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Hitachi has acknowledged a security issue in Hitachi Web Server, which can be exploited by malicious people to bypass certain security restriction. The security issue is caused due to an unspecified error when processing the certificate revocation list of SSL client certificates, which can be exploited to e.g. pass the SSL client authentication with certificates registered in certificate revocation lists. Please see the vendor's advisory for a list of affected products and versions. SOLUTION: Apply patches as soon as available. Do not rely on the correct processing of certificate revocation lists. Please see the vendor's advisory for fix information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HS10-009: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-009/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jun 4 15:09:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Jun 2010 00:09:19 +0200 Subject: [SEC] [SA40065] Hitachi Cosminexus Products Unspecified Vulnerability Message-ID: <201006042209.o54M9JQT010786@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Hitachi Cosminexus Products Unspecified Vulnerability SECUNIA ADVISORY ID: SA40065 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40065/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40065 RELEASE DATE: 2010-06-04 DISCUSS ADVISORY: http://secunia.com/advisories/40065/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40065/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40065 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Hitachi has acknowledged a vulnerability in Hitachi products, which has unknown impacts. The vulnerability is caused due to an unspecified "stack overflow vulnerability" within the "Collaboration - Common Utility" component. Further information is currently not available. Please see the vendor's advisory for a list of affected products and versions. SOLUTION: Please see the vendor's advisory for fix information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HS10-006: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-006/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jun 4 15:23:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Jun 2010 00:23:01 +0200 Subject: [SEC] [SA40033] abcm2ps "getarena()" Buffer Overflow Vulnerability Message-ID: <201006042223.o54MN1Ta031146@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: abcm2ps "getarena()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA40033 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40033/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40033 RELEASE DATE: 2010-06-05 DISCUSS ADVISORY: http://secunia.com/advisories/40033/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40033/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40033 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in abcm2ps, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error within the "getarena()" function in abc2ps.c when allocating memory. This can be exploited to potentially cause a heap-based buffer overflow when converting a specially crafted ABC file. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in versions prior to 5.9.13. SOLUTION: Update to version 5.9.13. PROVIDED AND/OR DISCOVERED BY: The vendor credits Tim Starling. ORIGINAL ADVISORY: http://moinejf.free.fr/abcm2ps-5.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jun 4 15:44:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Jun 2010 00:44:17 +0200 Subject: [SEC] [SA40051] Weborf "Range" Header Denial of Service Vulnerability Message-ID: <201006042244.o54MiHHn019455@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Weborf "Range" Header Denial of Service Vulnerability SECUNIA ADVISORY ID: SA40051 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40051/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40051 RELEASE DATE: 2010-06-05 DISCUSS ADVISORY: http://secunia.com/advisories/40051/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40051/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40051 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Weborf, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing HTTP headers. This can be exploited to terminate an affected server via a specially crafted "Range" header. The vulnerability is reported in versions prior to 0.12.1. SOLUTION: Update to version 0.12.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://galileo.dmi.unict.it/wiki/weborf/doku.php?id=news:released_0.12.1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jun 4 16:10:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Jun 2010 01:10:12 +0200 Subject: [SEC] [SA40040] Gentoo update for sun-jre-bin, sun-jdk, and emul-linux-x86-java Message-ID: <201006042310.o54NACDX007960@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Gentoo update for sun-jre-bin, sun-jdk, and emul-linux-x86-java SECUNIA ADVISORY ID: SA40040 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40040/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40040 RELEASE DATE: 2010-06-05 DISCUSS ADVISORY: http://secunia.com/advisories/40040/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40040/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40040 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for sun-jre-bin, sun-jdk, and emul-linux-x86-java. This fixes multiple vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, disclose potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system. For more information: SA37255 SA39260 SOLUTION: Update to "dev-java/sun-jre-bin-1.6.0.20" or later, "dev-java/sun-jdk-1.6.0.20" or later, or "app-emulation/emul-linux-x86-java-1.6.0.20" or later. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: GLSA 201006-18: http://www.gentoo.org/security/en/glsa/glsa-201006-18.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jun 4 16:23:52 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Jun 2010 01:23:52 +0200 Subject: [SEC] [SA40039] Gentoo update for asterisk Message-ID: <201006042323.o54NNqGZ028329@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Gentoo update for asterisk SECUNIA ADVISORY ID: SA40039 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40039/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40039 RELEASE DATE: 2010-06-05 DISCUSS ADVISORY: http://secunia.com/advisories/40039/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40039/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40039 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for asterisk. This fixes multiple vulnerabilities, which can be exploited by malicious people to determine valid user names or cause a DoS (Denial of Service). For more information: SA36227 SA36593 SA37265 SA37530 SOLUTION: Update to "net-misc/asterisk-1.2.37" or later. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: GLSA 201006-20: http://www.gentoo.org/security/en/glsa/glsa-201006-20.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jun 4 16:42:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Jun 2010 01:42:59 +0200 Subject: [SEC] [SA40038] Gentoo update for bugzilla Message-ID: <201006042342.o54Ngxil016534@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Gentoo update for bugzilla SECUNIA ADVISORY ID: SA40038 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40038/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40038 RELEASE DATE: 2010-06-05 DISCUSS ADVISORY: http://secunia.com/advisories/40038/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40038/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40038 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for bugzilla. This fixes multiple vulnerabilities, which can be exploited by malicious users to disclosure sensitive information, bypass certain security restrictions, conduct script insertion attacks, and SQL injection attacks, and by malicious people to disclosure potentially sensitive information, conduct cross-site request forgery attacks, and SQL injection attacks. For more information: SA31444 SA32501 SA33789 SA34545 SA36718 SA38443 SOLUTION: Update to "www-apps/bugzilla-3.2.6" or later. ORIGINAL ADVISORY: GLSA 201006-19: http://www.gentoo.org/security/en/glsa/glsa-201006-19.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jun 4 16:55:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Jun 2010 01:55:02 +0200 Subject: [SEC] [SA40037] CA ARCserve Backup Information Disclosure Vulnerability Message-ID: <201006042355.o54Nt2Pn004404@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: CA ARCserve Backup Information Disclosure Vulnerability SECUNIA ADVISORY ID: SA40037 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40037/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40037 RELEASE DATE: 2010-06-05 DISCUSS ADVISORY: http://secunia.com/advisories/40037/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40037/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40037 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in CA ARCserve Backup, which can be exploited by malicious, local users to disclose sensitive information. The vulnerability is caused due to an unspecified error and can be exploited to disclose certain sensitive data. The vulnerability is reported in the following products and versions: * CA ARCserve Backup r12.5 SP1 on Windows * CA ARCserve Backup r12.0 SP2 on Windows * CA ARCserve Backup r11.5 SP4 on Windows SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: CA20100603-01: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=238390 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jun 4 17:10:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Jun 2010 02:10:14 +0200 Subject: [SEC] [SA39931] Websense "Via" Header Filtering Bypass Security Issue Message-ID: <201006050010.o550AEFi024832@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Websense "Via" Header Filtering Bypass Security Issue SECUNIA ADVISORY ID: SA39931 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39931/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39931 RELEASE DATE: 2010-06-05 DISCUSS ADVISORY: http://secunia.com/advisories/39931/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39931/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39931 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: mrhinkydink has reported a security issue in Websense, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to the Websense ISAPI Filter plug-in improperly filtering HTTP requests. This can be exploited to bypass URL filtering rules and access restricted websites without monitoring by including an HTTP "Via" header in outgoing HTTP requests. The security issues is reported in version 6.3.0 with Hotfix 54 or later, configured with Microsoft ISA Server 2004 or 2006 or with Microsoft Forefront TMG 2010. SOLUTION: Disable the "IgnoreForwardedRequest" configuration option. Please see the vendor's advisory for additional information. PROVIDED AND/OR DISCOVERED BY: mrhinkydink ORIGINAL ADVISORY: Websense: http://kb.websense.com/display/4/kb/article.aspx?aid=5117&n=1&docid=1557093 mrhinkydink: http://mrhinkydink.blogspot.com/2010/05/websense-633-via-bypass.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Jun 5 10:28:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Jun 2010 19:28:34 +0200 Subject: [SEC] [SA40034] Adobe Reader/Acrobat authplay.dll Unspecified Code Execution Vulnerability Message-ID: <201006051728.o55HSYEZ027142@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Adobe Reader/Acrobat authplay.dll Unspecified Code Execution Vulnerability SECUNIA ADVISORY ID: SA40034 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40034/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40034 RELEASE DATE: 2010-06-05 DISCUSS ADVISORY: http://secunia.com/advisories/40034/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40034/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40034 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Adobe Reader/Acrobat, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a vulnerable bundled version of Flash Player (authplay.dll). For more information: SA40026 Successful exploitation allows execution of arbitrary code. The vulnerability is reported in version 9.3.2 and earlier 9.x versions for Windows, Macintosh, and UNIX. NOTE: The vulnerability is currently being actively exploited. SOLUTION: Delete, rename, or remove access to authplay.dll to prevent running SWF content in PDF files. PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Jun 5 11:28:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Jun 2010 20:28:02 +0200 Subject: [SEC] [SA40026] Adobe Flash Player Unspecified Code Execution Vulnerability Message-ID: <201006051828.o55IS248017178@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Adobe Flash Player Unspecified Code Execution Vulnerability SECUNIA ADVISORY ID: SA40026 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40026/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40026 RELEASE DATE: 2010-06-05 DISCUSS ADVISORY: http://secunia.com/advisories/40026/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40026/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40026 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error. No more information is currently available. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in version 10.0.45.2 and prior 10.0.x and 9.0.x versions for Windows, Macintosh, Linux, and Solaris. NOTE: The vulnerability is reportedly being actively exploited. SOLUTION: Reportedly, the latest version 10.1 Release Candidate is not affected. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day. ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/advisories/apsa10-01.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Jun 5 12:28:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Jun 2010 21:28:06 +0200 Subject: [SEC] [SA40050] Adobe InDesign INDD File Handling Buffer Overflow Message-ID: <201006051928.o55JS67I007235@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Adobe InDesign INDD File Handling Buffer Overflow SECUNIA ADVISORY ID: SA40050 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40050/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40050 RELEASE DATE: 2010-06-05 DISCUSS ADVISORY: http://secunia.com/advisories/40050/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40050/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40050 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gjoko Krstic has reported a vulnerability in Adobe InDesign, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in the parsing of .indd files and can be exploited to cause a buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version CS3 and prior versions may also be affected. According to the vendor, later versions are not vulnerable. SOLUTION: Upgrade to CS4 or CS5 as CS3 is no longer supported. PROVIDED AND/OR DISCOVERED BY: Gjoko Krstic ORIGINAL ADVISORY: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4941.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jun 7 10:29:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Jun 2010 19:29:35 +0200 Subject: [SEC] [SA40078] Freeciv Lua Shell Command Execution Security Issue Message-ID: <201006071729.o57HTZZp021761@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Freeciv Lua Shell Command Execution Security Issue SECUNIA ADVISORY ID: SA40078 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40078/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40078 RELEASE DATE: 2010-06-07 DISCUSS ADVISORY: http://secunia.com/advisories/40078/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40078/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40078 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Freeciv, which can be exploited by malicious people to compromise a user's system. The security issue exists due to the Lua run time environment allowing access to the operating system specific modules and functions. This can be exploited to execute arbitrary shell commands via a specially crafted saved game or scenario file. The security issue is reported in versions prior to 2.2.1. SOLUTION: Update to version 2.2.1. PROVIDED AND/OR DISCOVERED BY: Reported by Ulrik Sverdrup via a Freeciv bug report. ORIGINAL ADVISORY: http://gna.org/bugs/?15624 http://freeciv.wikia.com/wiki/NEWS-2.2.1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jun 7 11:29:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Jun 2010 20:29:46 +0200 Subject: [SEC] [SA40055] Joomla Search Log Component "search" SQL Injection Vulnerability Message-ID: <201006071829.o57ITk4T011850@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Joomla Search Log Component "search" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA40055 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40055/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40055 RELEASE DATE: 2010-06-07 DISCUSS ADVISORY: http://secunia.com/advisories/40055/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40055/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40055 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Search Log component for Joomla, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the "search" parameter to administrator/index.php (when "option" is set to "com_searchlog" and "act" is set to "log") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires "Public Back-end" permissions. The vulnerability is confirmed in version 3.1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: d0lc3 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jun 7 12:29:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Jun 2010 21:29:07 +0200 Subject: [SEC] [SA40074] WordPress Gigya Socialize Plugin Cross-Site Scripting Vulnerabilities Message-ID: <201006071929.o57JT7mG001849@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: WordPress Gigya Socialize Plugin Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA40074 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40074/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40074 RELEASE DATE: 2010-06-07 DISCUSS ADVISORY: http://secunia.com/advisories/40074/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40074/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40074 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: MustLive has discovered some vulnerabilities in the Gigya Socialize plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input appended to the URL after "[installation path]/" is not properly sanitised before before being returned to the user in wp-content/plugins/gigya-socialize-for-wordpress/views/widget/widget-not-connected.php and wp-content/plugins/gigya-socialize-for-wordpress/views/widget/widget-not-logged-in.php. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 1.1.8. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: MustLive ORIGINAL ADVISORY: http://websecurity.com.ua/4153/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jun 7 13:28:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Jun 2010 22:28:59 +0200 Subject: [SEC] [SA40091] moziloCMS Cross-Site Request Forgery Vulnerability Message-ID: <201006072028.o57KSx9e024372@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: moziloCMS Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA40091 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40091/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40091 RELEASE DATE: 2010-06-07 DISCUSS ADVISORY: http://secunia.com/advisories/40091/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40091/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40091 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in moziloCMS, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. create new content by tricking an administrative user into visiting a malicious web site. NOTE: This may further be used to conduct script insertion attacks via the page content. The vulnerability is confirmed in version 1.11.2. Other versions may also be affected. SOLUTION: Do not browse untrusted websites or follow untrusted links while logged in to the application. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/xss_vulnerability_in_mozilocms.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jun 7 14:22:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Jun 2010 23:22:36 +0200 Subject: [SEC] [SA40073] Joomla DJ-ArtGallery Component "cid[]" Two Vulnerabilities Message-ID: <201006072122.o57LMaiA014160@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Joomla DJ-ArtGallery Component "cid[]" Two Vulnerabilities SECUNIA ADVISORY ID: SA40073 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40073/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40073 RELEASE DATE: 2010-06-07 DISCUSS ADVISORY: http://secunia.com/advisories/40073/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40073/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40073 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in the DJ-ArtGallery component for Joomla, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks. 1) Input passed via the "cid[]" parameter to administrator/index.php (when "option" is set to "com_djartgallery" and "task" is set to "editItem") is not properly sanitised before being used in a SQL query in models/edititem.php. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires "Public Back-end" permissions. 2) Input passed to the "cid[]" parameter in administrator/index.php (when "option" is set to "com_djartgallery" and "task" is set to "editItem") is not properly sanitised before being returned to the user in views/edititem/tmpl/default.php. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 0.9.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: d0lc3 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jun 7 14:46:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Jun 2010 23:46:20 +0200 Subject: [SEC] [SA40084] Debian update for openoffice.org Message-ID: <201006072146.o57LkKVo002565@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Debian update for openoffice.org SECUNIA ADVISORY ID: SA40084 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40084/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40084 RELEASE DATE: 2010-06-07 DISCUSS ADVISORY: http://secunia.com/advisories/40084/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40084/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40084 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for openoffice.org. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA40070 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2055-1: http://lists.debian.org/debian-security-announce/2010/msg00098.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jun 7 15:09:52 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Jun 2010 00:09:52 +0200 Subject: [SEC] [SA40053] Battlefield 2 Packet Processing Infinite Loop Vulnerability Message-ID: <201006072209.o57M9qbP023532@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Battlefield 2 Packet Processing Infinite Loop Vulnerability SECUNIA ADVISORY ID: SA40053 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40053/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40053 RELEASE DATE: 2010-06-07 DISCUSS ADVISORY: http://secunia.com/advisories/40053/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40053/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40053 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Battlefield 2, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the included game server when handling network packets. This can be exploited to trigger the execution of an infinite loop and hang an affected server via a specially crafted UDP packet. SOLUTION: Apply patch 1.50. PROVIDED AND/OR DISCOVERED BY: Francis Lavoie-Renaud ORIGINAL ADVISORY: http://aluigi.freeforums.org/battlefield-2-crash-t927.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jun 7 15:24:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Jun 2010 00:24:04 +0200 Subject: [SEC] [SA40086] Debian update for bind9 Message-ID: <201006072224.o57MO4OX011556@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Debian update for bind9 SECUNIA ADVISORY ID: SA40086 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40086/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40086 RELEASE DATE: 2010-06-08 DISCUSS ADVISORY: http://secunia.com/advisories/40086/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40086/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40086 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for bind9. This fixes some vulnerabilities, which can be exploited by malicious people to poison the DNS cache. For more information: SA38219 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2054-1: http://lists.debian.org/debian-security-announce/2010/msg00097.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jun 7 15:44:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Jun 2010 00:44:49 +0200 Subject: [SEC] [SA40083] Debian update for zonecheck Message-ID: <201006072244.o57MinJL032253@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Debian update for zonecheck SECUNIA ADVISORY ID: SA40083 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40083/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40083 RELEASE DATE: 2010-06-08 DISCUSS ADVISORY: http://secunia.com/advisories/40083/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40083/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40083 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for zonecheck. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA39940 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2056-1: http://lists.debian.org/debian-security-announce/2010/msg00099.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jun 7 16:10:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Jun 2010 01:10:12 +0200 Subject: [SEC] [SA40056] Battlefield 2142 Packet Processing Infinite Loop Vulnerability Message-ID: <201006072310.o57NACMe020779@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Battlefield 2142 Packet Processing Infinite Loop Vulnerability SECUNIA ADVISORY ID: SA40056 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40056/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40056 RELEASE DATE: 2010-06-08 DISCUSS ADVISORY: http://secunia.com/advisories/40056/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40056/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40056 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Battlefield 2142, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA40053 The vulnerability is reported in version 1.50 (1.10.48.0). Other versions may also be affected. SOLUTION: Host games in trusted networks only. PROVIDED AND/OR DISCOVERED BY: Originally reported by Francis Lavoie-Renaud in Battlefield 2. Reported in Battlefield 2142 by Luigi Auriemma. ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/bf2loop-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jun 7 16:25:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Jun 2010 01:25:06 +0200 Subject: [SEC] [SA40070] OpenOffice.org Data Manipulation and Code Execution Vulnerabilities Message-ID: <201006072325.o57NP6Nm008812@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: OpenOffice.org Data Manipulation and Code Execution Vulnerabilities SECUNIA ADVISORY ID: SA40070 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40070/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40070 RELEASE DATE: 2010-06-08 DISCUSS ADVISORY: http://secunia.com/advisories/40070/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40070/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40070 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to manipulate certain data or compromise a user's system. 1) An error in the TLS protocol while handling session re-negotiations in included libraries can be exploited to manipulate session data. For more information see vulnerability #1 in: SA37291 2) An error when exploring python code through the scripting IDE can be exploited to potentially execute arbitrary code. The vulnerabilities are reported in versions prior to 3.2.1. SOLUTION: Update to version 3.2.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.openoffice.org/security/cves/CVE-2009-3555.html http://www.openoffice.org/security/cves/CVE-2010-0395.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 10:28:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Jun 2010 19:28:24 +0200 Subject: [SEC] [SA40109] Sun Solaris Sendmail SSL Certificate Spoofing Vulnerability Message-ID: <201006081728.o58HSOxW013197@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Sun Solaris Sendmail SSL Certificate Spoofing Vulnerability SECUNIA ADVISORY ID: SA40109 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40109/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40109 RELEASE DATE: 2010-06-08 DISCUSS ADVISORY: http://secunia.com/advisories/40109/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40109/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40109 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged a vulnerability in Sun Solaris, which can be exploited by malicious people to conduct spoofing attacks. For more information: SA37998 The vulnerability is reported in Solaris 10 for both the SPARC and x86 platforms, and OpenSolaris. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021797.1-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 11:27:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Jun 2010 20:27:59 +0200 Subject: [SEC] [SA38176] Microsoft Windows OpenType Compact Font Format Driver Vulnerability Message-ID: <201006081827.o58IRxml003242@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Microsoft Windows OpenType Compact Font Format Driver Vulnerability SECUNIA ADVISORY ID: SA38176 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/38176/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=38176 RELEASE DATE: 2010-06-08 DISCUSS ADVISORY: http://secunia.com/advisories/38176/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/38176/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=38176 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Chris Carton has discovered a vulnerability in Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges. The vulnerability is caused due to a boundary error in the Windows OpenType Compact Font Format (CFF) driver and can be exploited to overwrite kernel memory with an arbitrary number of 0 bytes when getting a glyph outline. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Chris Carton of Laserforce International, reported through Secunia ORIGINAL ADVISORY: MS10-037 (KB980218): http://www.microsoft.com/technet/security/bulletin/ms10-037.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 12:26:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Jun 2010 21:26:54 +0200 Subject: [SEC] [SA40082] Microsoft Office XP COM Object Instantiation Validation Vulnerability Message-ID: <201006081926.o58JQsCM025673@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Microsoft Office XP COM Object Instantiation Validation Vulnerability SECUNIA ADVISORY ID: SA40082 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40082/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40082 RELEASE DATE: 2010-06-08 DISCUSS ADVISORY: http://secunia.com/advisories/40082/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40082/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40082 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Office XP, which can be exploited by malicious people to compromise a user's system. For more information: SA40068 Successful exploitation allows execution of arbitrary code. SOLUTION: Do not open untrusted Office documents. According to the vendor, patches will not be made available as it would require a major rearchitecture effort. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 13:27:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Jun 2010 22:27:42 +0200 Subject: [SEC] [SA40036] Microsoft Internet Explorer Developer Tools ActiveX Control Vulnerability Message-ID: <201006082027.o58KRgNR015784@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Microsoft Internet Explorer Developer Tools ActiveX Control Vulnerability SECUNIA ADVISORY ID: SA40036 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40036/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40036 RELEASE DATE: 2010-06-08 DISCUSS ADVISORY: http://secunia.com/advisories/40036/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40036/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40036 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error in the Internet Explorer Developer Tools ActiveX Control (iedvtool.dll). This can be exploited to cause a system state corruption and execute arbitrary code via a specially crafted web page. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Chris Ries, Carnegie Mellon University Computing Services. ORIGINAL ADVISORY: MS10-034 (KB980195): http://www.microsoft.com/technet/security/Bulletin/MS10-034.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 14:22:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Jun 2010 23:22:02 +0200 Subject: [SEC] [SA40080] Microsoft .NET Framework XML Signature HMAC Truncation Security Issue Message-ID: <201006082122.o58LM22m005602@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Microsoft .NET Framework XML Signature HMAC Truncation Security Issue SECUNIA ADVISORY ID: SA40080 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40080/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40080 RELEASE DATE: 2010-06-08 DISCUSS ADVISORY: http://secunia.com/advisories/40080/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40080/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40080 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Microsoft has acknowledged a security issue in Microsoft .NET Framework, which can be exploited by malicious people to conduct spoofing attacks. The security issue is caused due to an error when processing certain XML signatures. For more information: SA35854 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: MS10-041 (KB979904, KB979906, KB979907, KB979909, KB979910, KB979911, KB979913, KB979916, and KB982865): http://www.microsoft.com/technet/security/bulletin/ms10-041.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 14:43:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Jun 2010 23:43:17 +0200 Subject: [SEC] [SA37500] Microsoft Office Excel Multiple Vulnerabilities Message-ID: <201006082143.o58LhHKe026319@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Microsoft Office Excel Multiple Vulnerabilities SECUNIA ADVISORY ID: SA37500 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/37500/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=37500 RELEASE DATE: 2010-06-08 DISCUSS ADVISORY: http://secunia.com/advisories/37500/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/37500/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=37500 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Microsoft Office Excel, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a user's system. 1) Insufficient input validation when parsing a certain record type may lead to a variety of errors including corruption of data on the stack. 2) An uninitialised variable being used while copying data during parsing of certain records may cause a buffer overflow. 3) An unspecified error when parsing certain records can be exploited to corrupt memory. 4) An error when parsing OBJ records can be exploited to cause a stack-based buffer overflow. 5) An unspecified error when parsing certain records can be exploited to corrupt memory. 6) An unspecified error when parsing certain records can be exploited to corrupt memory. 7) An unspecified error when parsing RTD records can be exploited to corrupt memory. 8) An unspecified error when parsing certain records can be exploited to corrupt memory. 9) An unspecified error when parsing HFPicture records can be exploited to corrupt memory. 10) An unspecified error when parsing certain records can be exploited to corrupt memory. 11) An unspecified error when parsing certain records can be exploited to corrupt memory. 12) An unspecified error when parsing chart sheet substreams can be exploited to corrupt memory. 13) An unspecified error when parsing certain records can be exploited to corrupt memory. Successful exploitation of vulnerabilities #1 through #13 may allow execution of arbitrary code. 14) Open XML File Format Converter for Mac installs itself insecurely, changing the file system ACLs on the "/Applications" folder in a way that allows all access to the files in the folder. This can e.g. be exploited by local users to replace files with malicious executables and wait for another user to run them. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1, 2) Carsten Eiram, Secunia Research. The vendor credits: 3) An anonymous person, working with ZDI. 4-11) Nicolas Joly, Vupen. 12) Bing Liu, Fortinet FortiGuard Labs. 13) An anonymous person, working with ZDI. 14) Rick Glaspie ORIGINAL ADVISORY: MS10-038 (KB982133, KB982299, KB982308, KB982331, KB982333, KB2027452, KB2028864, KB2028866, KB2078051): http://www.microsoft.com/technet/security/bulletin/ms10-038.mspx Secunia Research: http://secunia.com/secunia_research/2009-54/ http://secunia.com/secunia_research/2009-59/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 14:59:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Jun 2010 23:59:53 +0200 Subject: [SEC] [SA40062] Microsoft Internet Explorer Multiple Vulnerabilities Message-ID: <201006082159.o58Lxrq1014530@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Microsoft Internet Explorer Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40062 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40062/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40062 RELEASE DATE: 2010-06-08 DISCUSS ADVISORY: http://secunia.com/advisories/40062/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40062/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40062 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system. 1) An error in the sanitisation of HTML code within the "toStaticHTML()" method can be exploited to conduct cross-site scripting attacks and potentially disclose sensitive information. Successful exploitation requires a web site that uses the "toStaticHTML" API. This vulnerability only affects the Quirk rendering mode in Internet Explorer 8. This vulnerability is related to vulnerability #1 in: SA40076 2) An unspecified error exists when accessing an object that has not been correctly initialised or that has been deleted. This can be exploited to corrupt memory e.g. if a user visits a specially crafted web page. 3) An unspecified error exists when accessing an object that has not been correctly initialised or that has been deleted in the IE8 Developer Toolbar. This can be exploited to corrupt memory e.g. if a user visits a specially crafted web page and is enticed to press the F12 key in response to a prompt. 4) Another unspecified error exists when accessing an object that has not been correctly initialised or that has been deleted in the IE8 Developer Toolbar. This can be exploited to corrupt memory e.g. if a user visits a specially crafted web page and is enticed to press the F12 key in response to a prompt. 5) An unspecified error exists when accessing an object that has not been correctly initialised or that has been deleted. This can be exploited to corrupt memory e.g. if a user visits a specially crafted web page. Successful exploitation of vulnerabilities #2 through #5 allows execution of arbitrary code. SOLUTION: Apply updates. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Chris Weber of Casaba Security and Takeshi Terada 2) Michal Zalewski, Google Inc. 3, 4) Chris Rohlf, Matasano Security. 5) Peter Vreugdenhil, working with ZDI. ORIGINAL ADVISORY: MS10-035 (KB982381): http://www.microsoft.com/technet/security/bulletin/ms10-035.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 15:23:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 00:23:10 +0200 Subject: [SEC] [SA40079] Microsoft Internet Information Services Authentication Memory Corruption Message-ID: <201006082223.o58MNAr1002947@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Microsoft Internet Information Services Authentication Memory Corruption SECUNIA ADVISORY ID: SA40079 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40079/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40079 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40079/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40079/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40079 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Internet Information Services, which can be exploited by malicious users to potentially compromise a vulnerable system. The vulnerability is caused due to improper handling of authentication tokens and can be exploited to corrupt memory via a specially a crafted authentication packet. Successful exploitation requires the "Extended Protection for Authentication" feature to be enabled (disabled by default). SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MS10-040 (KB982666): http://www.microsoft.com/technet/security/bulletin/MS10-040.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 15:45:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 00:45:03 +0200 Subject: [SEC] [SA39655] Microsoft Windows Kernel-Mode Drivers Three Vulnerabilities Message-ID: <201006082245.o58Mj3t9023690@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Kernel-Mode Drivers Three Vulnerabilities SECUNIA ADVISORY ID: SA39655 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39655/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39655 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/39655/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39655/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39655 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Three vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to potentially compromise a user's system. 1) A boundary error in win32k.sys when providing a TrueType glyph outline can be exploited to cause a buffer overflow when viewing content rendered in a specially crafted TrueType font. Successful exploitation may allow execution of arbitrary code if a user e.g. views a malicious web page using certain versions of Opera browser. Other applications may also provide valid, remote attack vectors. 2) Insufficient validation of changes in certain kernel objects can be exploited to potentially run code in kernel-mode, allowing privilege escalation. 3) Insufficient validation of all callback parameters when creating new windows can be exploited to run code in kernel-mode, allowing privilege escalation. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) Publicly discussed as a bug in Opera 10.5. Additional information provided by Secunia Research. 2) The vendor credits Sebastien Renaud, Vupen. 3) Reported by the vendor. ORIGINAL ADVISORY: MS10-032 (KB979559): http://www.microsoft.com/technet/security/bulletin/ms10-032.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 16:09:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 01:09:48 +0200 Subject: [SEC] [SA40058] Microsoft Windows Media Decompression Two Vulnerabilities Message-ID: <201006082309.o58N9mOM012172@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Media Decompression Two Vulnerabilities SECUNIA ADVISORY ID: SA40058 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40058/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40058 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40058/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40058/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40058 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. 1) An unspecified error in the handling of compression data can be exploited via a specially crafted media file. 2) An unspecified error in the handling of compression data can be exploited via a specially crafted MJPEG video file. Successful exploitation of the vulnerabilities allows execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Yamata Li, Palo Alto Networks. ORIGINAL ADVISORY: MS10-033 (KB979902, KB975562, KB978695, KB979332, KB979482) http://www.microsoft.com/technet/security/bulletin/ms10-033.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 16:23:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 01:23:30 +0200 Subject: [SEC] [SA40059] Microsoft Data Analyzer ActiveX Control Vulnerability Message-ID: <201006082323.o58NNUP9032559@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Microsoft Data Analyzer ActiveX Control Vulnerability SECUNIA ADVISORY ID: SA40059 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40059/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40059 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40059/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40059/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40059 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Data Analyzer, which can be exploited by malicious people to compromise a user's system. This is related to: SA38503 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Shaun Colley, NGS Software. ORIGINAL ADVISORY: MS10-034 (KB980195): http://www.microsoft.com/technet/security/bulletin/ms10-034.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 16:43:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 01:43:46 +0200 Subject: [SEC] [SA40068] Microsoft Office COM Object Instantiation Validation Vulnerability Message-ID: <201006082343.o58NhkN1020836@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Microsoft Office COM Object Instantiation Validation Vulnerability SECUNIA ADVISORY ID: SA40068 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40068/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40068 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40068/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40068/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40068 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to insufficient validation when instantiating COM objects and can be exploited by tricking a user into opening a specially crafted Office file. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MS10-036 (KB982122, KB982124, KB982126, KB982127, KB982133, KB982134, KB982135, KB982157, KB982158, KB982308, KB982311, KB982312, KB983235): http://www.microsoft.com/technet/security/bulletin/ms10-036.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 17:10:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 02:10:16 +0200 Subject: [SEC] [SA40052] Red Hat update for perl Message-ID: <201006090010.o590AGIk009407@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Red Hat update for perl SECUNIA ADVISORY ID: SA40052 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40052/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40052 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40052/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40052/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40052 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for perl. This fixes some vulnerabilities and security issues, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to bypass certain security restrictions. 1) Some vulnerabilities are caused due to the reintroduction of CVE-2004-0452 and CVE-2005-0448. For more information: SA13643 SA14531 2) Two security issues can be exploited by malicious people to bypass certain security restrictions. For more information: SA40049 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2010-0458.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 17:22:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 02:22:01 +0200 Subject: [SEC] [SA40049] Red Hat update for perl Message-ID: <201006090022.o590M1wC029686@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Red Hat update for perl SECUNIA ADVISORY ID: SA40049 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40049/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40049 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40049/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40049/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40049 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for perl. This fixes two security issues, which can be exploited by malicious people to bypass certain security restrictions. 1) The Safe module does not properly restrict code of implicitly called methods (e.g. "destroy" and "autoload"), which can be exploited to bypass Safe module restrictions and execute arbitrary perl code outside of a Safe compartment. 2) The Safe module does not properly restrict code in a Safe compartment which is executed out of the compartment via a subroutine reference. This can be exploited to bypass Safe module restrictions and execute arbitrary perl code outside of a Safe compartment. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) Red Hat credits Nick Cleaton. 2) Red Hat credits Tim Bunce and Rafael Garcia-Suarez. ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2010-0457.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 17:42:55 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 02:42:55 +0200 Subject: [SEC] [SA40090] log1 CMS Two Vulnerabilities Message-ID: <201006090042.o590gtGw017994@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: log1 CMS Two Vulnerabilities SECUNIA ADVISORY ID: SA40090 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40090/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40090 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40090/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40090/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40090 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in log1 CMS, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system. 1) A vulnerability is caused due to admin/main.php not terminating after sending a HTTP "Location:" header. This can be exploited to access administrative functions and e.g. conduct script insertion attacks or upload files. 2) An error in the verification of file uploads can be exploited to upload files with arbitrary extensions to "db/uploaded/" and e.g execute arbitrary PHP code. Successful exploitation requires authentication, but can be exploited in combination with vulnerability #1. The vulnerabilities are confirmed in version 2.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that proper authentication is performed. Grant only trusted users access to the application. PROVIDED AND/OR DISCOVERED BY: 1) High-Tech Bridge SA 2) Otto Chriek ORIGINAL ADVISORY: 1) http://www.htbridge.ch/advisory/xss_vulnerability_in_log1cms.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 17:54:56 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 02:54:56 +0200 Subject: [SEC] [SA40061] CyberHost Sales System "id" SQL Injection Vulnerability Message-ID: <201006090054.o590su5B005897@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: CyberHost Sales System "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA40061 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40061/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40061 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40061/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40061/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40061 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in CyberHost Sales System, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to default.asp (when "gb" is set to "paketayrinti") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: redst0rm ORIGINAL ADVISORY: http://packetstormsecurity.org/1005-exploits/cyberhost-sql.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 18:07:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 03:07:59 +0200 Subject: [SEC] [SA40069] Greeting Cards Script Arbitrary File Upload Vulnerability Message-ID: <201006090107.o5917x5m026258@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Greeting Cards Script Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA40069 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40069/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40069 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40069/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40069/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40069 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Greeting Cards Script, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to an error in the validation of uploaded image files while creating a new card. This can be exploited to upload arbitrary files inside the webroot and e.g. execute arbitrary PHP code. SOLUTION: Restrict access to the cards/ directory (e.g. via .htaccess). PROVIDED AND/OR DISCOVERED BY: Mr.Benladen OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 18:22:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 03:22:10 +0200 Subject: [SEC] [SA40075] Core FTP mini-sftp-server Directory Traversal and Buffer Overflow Message-ID: <201006090122.o591MAOB014258@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Core FTP mini-sftp-server Directory Traversal and Buffer Overflow SECUNIA ADVISORY ID: SA40075 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40075/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40075 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40075/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40075/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40075 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: leinakesi has discovered two vulnerabilities in Core FTP mini-sftp-server, which can be exploited by malicious users to bypass certain security restrictions or potentially compromise a vulnerable system. For more information see vulnerabilities #2 and #3 in: SA39921 The vulnerabilities are confirmed in version 1.19. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: leinakesi OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 18:42:56 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 03:42:56 +0200 Subject: [SEC] [SA40108] Fedora update for zikula Message-ID: <201006090142.o591gung002517@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Fedora update for zikula SECUNIA ADVISORY ID: SA40108 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40108/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40108 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40108/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40108/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40108 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for zikula. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. For more information: SA39614 SA39677 SOLUTION: Apply updated packages using the yum utility ("yum update zikula"). ORIGINAL ADVISORY: FEDORA-2010-8464: http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042478.html FEDORA-2010-8501: http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042520.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 18:55:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 03:55:26 +0200 Subject: [SEC] [SA40110] Apple Safari HTTP Basic Authentication Information Disclosure Message-ID: <201006090155.o591tQe6022884@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Apple Safari HTTP Basic Authentication Information Disclosure SECUNIA ADVISORY ID: SA40110 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40110/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40110 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40110/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40110/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40110 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been discovered in Apple Safari, which can be exploited by malicious people to potentially disclose sensitive information. For more information see security issue #2 in: SA39670 The security issue is confirmed in version 5.0 for Windows. Other versions may also be affected. SOLUTION: Do not authenticate to sites that use HTTP basic authentication and use redirections to different domains. PROVIDED AND/OR DISCOVERED BY: Vin Lisciandro OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 19:12:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 04:12:38 +0200 Subject: [SEC] [SA40106] Fedora update for mysql Message-ID: <201006090212.o592CcdF011513@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Fedora update for mysql SECUNIA ADVISORY ID: SA40106 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40106/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40106 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40106/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40106/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40106 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for mysql. This fixes multiple vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions or potentially compromise a vulnerable system and by malicious people to cause a DoS (Denial of Service). For more information: SA39792 SOLUTION: Apply updated packages using the yum utility ("yum update mysql"). ORIGINAL ADVISORY: FEDORA-2010-9061: http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042551.html FEDORA-2010-9053: http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042535.html FEDORA-2010-9016: http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042546.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 19:41:56 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 04:41:56 +0200 Subject: [SEC] [SA40097] Red Hat update for openoffice.org Message-ID: <201006090241.o592fulb032580@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Red Hat update for openoffice.org SECUNIA ADVISORY ID: SA40097 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40097/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40097 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40097/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40097/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40097 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for openoffice.org. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA40070 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0459-1: https://rhn.redhat.com/errata/RHSA-2010-0459.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 19:53:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 04:53:47 +0200 Subject: [SEC] [SA40081] D.R. Software Audio Converter Playlist Parsing Buffer Overflow Message-ID: <201006090253.o592rlwB020486@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: D.R. Software Audio Converter Playlist Parsing Buffer Overflow SECUNIA ADVISORY ID: SA40081 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40081/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40081 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40081/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40081/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40081 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: chap0 has discovered a vulnerability in D.R. Software Audio Converter, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when adding playlists and can be exploited to cause a stack-based buffer overflow via a specially crafted playlist file (e.g. ".pls"). The vulnerability is confirmed in version 8.1. Other versions may also be affected. SOLUTION: Do not open playlist files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: chap0 ORIGINAL ADVISORY: http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-048-d-r-software-multiple-products/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 20:07:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 05:07:38 +0200 Subject: [SEC] [SA40105] Apple Safari Multiple Vulnerabilities Message-ID: <201006090307.o5937cIp008459@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Apple Safari Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40105 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40105/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40105 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40105/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40105/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40105 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct spoofing or cross-site scripting attacks, and potentially compromise a user's system. 1) An error when processing ColorSync profiles embedded in a specially crafted image can be exploited to potentially execute arbitrary code. This is related to vulnerability #2 in: SA36096 2) The browser follows links containing arbitrary user information without warning, which can be exploited to facilitate phishing attacks via specially crafted URLs. 3) A use-after-free error when handling PDF files can be exploited to potentially execute arbitrary code. 4) An error in WebKit when handling clipboard URLs can be exploited to disclose sensitive files if a user is tricked into dragging or pasting links or images to a malicious website. 5) An error in WebKit when a selection from a website is dragged or pasted into another website can be exploited to potentially execute arbitrary JavaScript code in the context of the destination website. 6) An error in WebKit when handling UTF-7 encoded text can be exploited to leave an HTML quoted string unterminated and facilitate cross-site scripting attacks. 7) An input sanitation error in WebKit when handling Local Storage and Web SQL databases can be exploited to create database files in arbitrary directories via directory traversal attacks. 8) A use-after-free error in WebKit when rendering HTML buttons can be exploited to potentially execute arbitrary code. 9) A use-after-free error in WebKit when handling attribute manipulations can be exploited to potentially execute arbitrary code. 10) An error in WebKit when handling HTML document fragments can be exploited to execute arbitrary JavaScript code in a legitimate context processing foreign HTML fragments. 11) An error in WebKit when handling keyboard focus can be exploited to deliver key press events intended for a different frame. 12) An error in WebKit when handling DOM constructor objects can be exploited to conduct cross-site scripting attacks. 13) A use-after-free error in WebKit when handling the removal of container elements can be exploited to potentially execute arbitrary code. 14) A use-after-free error in WebKit when rendering a selection at the time of a layout change can be exploited to potentially execute arbitrary code. 15) An error in WebKit when handling ordered list insertions can be exploited to corrupt memory and potentially execute arbitrary code. 16) An uninitialised memory access error in WebKit when handling selection changes on form input elements can be exploited to potentially execute arbitrary code. 17) A use-after-free error in WebKit when handling caption elements can be exploited to potentially execute arbitrary code. 18) A use-after-free error in WebKit when handling the ":first-letter" pseudo-element in cascading stylesheets can be exploited to potentially execute arbitrary code. 19) A double-free error in WebKit when handling event listeners in SVG documents can be exploited to potentially execute arbitrary code. 20) An uninitialised memory access error in WebKit when handling "use" elements in SVG documents can be exploited to potentially execute arbitrary code. 21) A use-after-free error in WebKit when handling SVG documents with multiple "use" elements can be exploited to potentially execute arbitrary code. 22) An error in WebKit when handling nested "use" elements in SVG documents can be exploited to corrupt memory and potentially execute arbitrary code. 23) A use-after-free error in WebKit when handling CSS run-ins can be exploited to potentially execute arbitrary code. 24) A use-after-free error in WebKit when handling HTML elements with custom vertical positioning can be exploited to potentially execute arbitrary code. 25) An error exists in WebKit when visiting HTTPS websites redirecting to HTTP websites. This can be exploited to disclose potentially sensitive information contained in the HTTPS URL by reading the "Referer" header. 26) An integer truncation error in WebKit when handling TCP requests can be exploited to pass arbitrary data to arbitrary TCP ports. 27) An error in WebKit when processing connections to IRC ports can be exploited to send arbitrary data to arbitrary IRC servers. 28) A use-after-free error in WebKit when handling hover events can be exploited to potentially execute arbitrary code. 29) An error in WebKit can be exploited to read NTLM credentials that are incorrectly transmitted in plain-text via Man-in-the-Middle (MitM) attacks. 30) A use-after-free error in WebKit when handling the "removeChild" DOM method can be exploited to potentially execute arbitrary code. 31) An error in WebKit when handling libxml contexts can be exploited to potentially execute arbitrary code. 32) An error in WebKit when handling a canvas with an SVG image pattern can be exploited to load and capture an image from another website. 33) An error in WebKit when rendering CSS-styled HTML content with multiple ":after" pseudo-selectors can be exploited to corrupt memory and potentially execute arbitrary code. 34) An error in WebKit when handling the "src" attribute of a frame element can be exploited to facilitate cross-site scripting attacks. 35) A use-after-free error in WebKit when handling drag and drop operations can be exploited to potentially execute arbitrary code. 36) An error in the implementation of the JavaScript "execCommand" function can be exploited to modify the contents of the clipboard. 37) An error when handling malformed URLs can be exploited to bypass the same-origin policy and execute arbitrary script code in the context of a different domain. 38) A use-after-free error in WebKit when handling DOM "Range" objects can be exploited to potentially execute arbitrary code. 39) A use-after-free error in WebKit when handling the "Node.normalize()" method can be exploited to potentially execute arbitrary code. 40) A use-after-free error in WebKit when rendering HTML document subtrees can be exploited to potentially execute arbitrary code. 41) An error in WebKit when handling HTML content in "textarea" elements can be exploited to conduct cross-site scripting attacks. 42) An error in WebKit when visiting a website which redirects form submissions to a redirecting website can be exploited disclose submitted data. 43) A type checking error in WebKit when handling text nodes can be exploited to potentially execute arbitrary code. 44) A use-after-free error in WebKit when handling fonts can be exploited to potentially execute arbitrary code. 45) An error in WebKit when handling HTML tables can be exploited to trigger an out-of-bounds memory access and potentially execute arbitrary code. 46) An error in WebKit when handling the CSS ":visited" pseudo-class can be exploited to disclose visited websites. SOLUTION: Update to version 4.1 (available only for Mac OS X v10.4 systems) or upgrade to version 5.0. PROVIDED AND/OR DISCOVERED BY: 37) Michal Zalewski The vendor also credits: 1) Chris Evans of the Google Security Team, and Andrzej Dyjak 2) Abhishek Arya of Google 3) Borja Marcos of Sarenet 4) Eric Seidel of Google 5) Paul Stone of Context Information Security 6) Masahiro Yamada 8) Matthieu Bonetti of Vupen 9) Ralf Philipp Weinmann working with TippingPoint's Zero Day Initiative 10, 41) Eduardo Vela Nava (sirdarckcat) of Google 11) Michal Zalewski of Google 12) Gianni "gf3" Chiappetta of Runlevel6 13, 15, 16, 18, 19, 20, 21, 23, 43) wushi of team509, working with TippingPoint's Zero Day Initiative 14) wushi and Z of team509, working with TippingPoint's Zero Day Initiative 17) regenrecht working with iDefense 22, 31) Aki Helin of OUSPG 24) Ojan Vafai of Google 25) Colin Percival of Tarsnap 28) Dave Bowker 30) Mark Dowd of Azimuth Security 32) Chris Evans of Google 33, 45) wushi of team509 34) Sergey Glazunov 35) kuzzcc, and Skylined of Google Chrome Security Team 38) Yaar Schnitman of Google 39) Mark Dowd 40) James Robinson of Google 42) Marc Worrell of WhatWebWhat ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4196 Michal Zalewski: http://lcamtuf.blogspot.com/2010/06/safari-tale-of-betrayal-and-revenge.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 20:21:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 05:21:02 +0200 Subject: [SEC] [SA40035] Debian update for mysql-dfsg Message-ID: <201006090321.o593L2Fr028830@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Debian update for mysql-dfsg SECUNIA ADVISORY ID: SA40035 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40035/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40035 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40035/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40035/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40035 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for mysql-dfsg. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to manipulate certain data, by malicious users to bypass certain security restrictions or potentially compromise a vulnerable system, and by malicious people to cause a DoS (Denial of Service). For more information: SA39454 SA39792 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA 2057-1: http://lists.debian.org/debian-security-announce/2010/msg00100.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 20:41:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 05:41:43 +0200 Subject: [SEC] [SA40054] Motorola SURFBoard SBV6120E Directory Traversal Vulnerability Message-ID: <201006090341.o593fhEH017117@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Motorola SURFBoard SBV6120E Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA40054 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40054/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40054 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40054/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40054/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40054 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Motorola SURFBoard SBV6120E, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an error when handling certain HTTP requests. This can be exploited to e.g. disclose potentially sensitive information via directory traversal attacks. The vulnerability is reported in firmware version SBV6X2X-1.0.0.5-SCM-02-SHPC. Other versions may also be affected. SOLUTION: Filter malicious requests using a proxy. PROVIDED AND/OR DISCOVERED BY: S2 Crew ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/12865/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 20:53:57 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 05:53:57 +0200 Subject: [SEC] [SA40107] Fedora update for openoffice.org Message-ID: <201006090353.o593rv4g005036@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Fedora update for openoffice.org SECUNIA ADVISORY ID: SA40107 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40107/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40107 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40107/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40107/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40107 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for openoffice.org. This fixes a vulnerability , which can be exploited by malicious people to compromise a user's system. For more information: SA40070 SOLUTION: Apply updated packages using the yum utility ("yum update openoffice.org"). ORIGINAL ADVISORY: FEDORA-2010-9628: http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042529.html FEDORA-2010-9576: http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042468.html FEDORA-2010-9633: http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042534.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 21:07:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 06:07:02 +0200 Subject: [SEC] [SA40077] fileNice "sstring" Cross-Site Scripting Vulnerability Message-ID: <201006090407.o59472uQ025384@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: fileNice "sstring" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA40077 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40077/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40077 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40077/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40077/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40077 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in fileNice, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "sstring" parameter in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: XroGuE ORIGINAL ADVISORY: http://packetstormsecurity.org/1006-exploits/filenicescript-xss.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 21:21:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 06:21:04 +0200 Subject: [SEC] [SA40087] iScripts eSwap "txtHomeSearch" Cross-Site Scripting Vulnerability Message-ID: <201006090421.o594L4TJ013382@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: iScripts eSwap "txtHomeSearch" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA40087 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40087/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40087 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40087/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40087/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40087 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in iScripts eSwap, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "txtHomeSearch" parameter in search.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Sid3^effects OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 21:42:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 06:42:04 +0200 Subject: [SEC] [SA40088] iScripts EasyBiller "planid" SQL Injection Vulnerability Message-ID: <201006090442.o594g4ed001625@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: iScripts EasyBiller "planid" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA40088 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40088/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40088 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40088/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40088/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40088 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in iScripts EasyBiller, which can be exploited by malicious users to conduct SQL injection attacks. Input passed to the "planid" parameter in viewhistorydetail.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Sid3^effects OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 21:54:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 06:54:02 +0200 Subject: [SEC] [SA40104] Ubuntu update for openoffice.org Message-ID: <201006090454.o594s20X021990@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Ubuntu update for openoffice.org SECUNIA ADVISORY ID: SA40104 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40104/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40104 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40104/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40104/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40104 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for openoffice.org. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA40070 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-949-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-June/001102.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jun 8 22:06:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 07:06:58 +0200 Subject: [SEC] [SA40099] PHP Car Hire Script "id" SQL Injection Vulnerability Message-ID: <201006090506.o5956wjw009920@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: PHP Car Hire Script "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA40099 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40099/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40099 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40099/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40099/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40099 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in PHP Car Hire Script, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to group.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Sid3^effects OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 9 10:27:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 19:27:20 +0200 Subject: [SEC] [SA40102] CubeCart "shipKey" SQL Injection Vulnerability Message-ID: <201006091727.o59HRKTQ030670@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: CubeCart "shipKey" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA40102 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40102/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40102 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40102/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40102/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40102 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in CubeCart, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the "shipKey" in index.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in CubeCart 4.3.9. Prior versions may also be affected. SOLUTION: Update to CubeCart 4.4.0 or greater. ORIGINAL ADVISORY: CubeCart: http://forums.cubecart.com/index.php?showtopic=41469?read=1 CORE-2010-0415: http://www.coresecurity.com/content/cubecart-php-shopping-cart-sql-injection OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 9 11:27:15 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 20:27:15 +0200 Subject: [SEC] [SA40129] PhreeBooks Script Insertion and Local File Inclusion Vulnerabilities Message-ID: <201006091827.o59IRFto020750@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: PhreeBooks Script Insertion and Local File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA40129 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40129/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40129 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40129/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40129/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40129 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gustavo Sorondo has discovered some vulnerabilities in PhreeBooks, which can be exploited by malicious users to conduct script insertion attacks and disclose sensitive information. 1) Input passed via the "cm_primary_name" parameter to index.php while adding a new customer, the "vm_primary_name" parameter to index.php while adding a new vendor, and the "em_primary_name" parameter to index.php while adding a new employee is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires "Add" privileges for "Maintain Customers", "Maintain Vendors", or "Maintain Employees". 2) Input passed via the "description_short" parameter to index.php while adding or editing an inventory item is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires "Full" privileges for "Edit/Maintain" in "Inventory". 3) Input passed via the "cat" and the "language" parameters to index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. The vulnerabilities are confirmed in version 2.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. PROVIDED AND/OR DISCOVERED BY: Gustavo Sorondo, Cybsec OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 9 12:26:55 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 21:26:55 +0200 Subject: [SEC] [SA40094] Comodo Internet Security Kernel Hook "Argument Switching" Security Bypass Message-ID: <201006091926.o59JQtnt010814@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Comodo Internet Security Kernel Hook "Argument Switching" Security Bypass SECUNIA ADVISORY ID: SA40094 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40094/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40094 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40094/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40094/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40094 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in Comodo Internet Security, which can be exploited by malicious, local users to bypass certain security features. The weakness is caused due to the application not properly implementing security checks in certain kernel hooks, which can be exploited to bypass those checks by changing the arguments after the check but prior to their use by the system call. SOLUTION: Update to version 4.1.149672.916. PROVIDED AND/OR DISCOVERED BY: matousec.com ORIGINAL ADVISORY: matousec.com: http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php Comodo: http://personalfirewall.comodo.com/release_notes.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 9 13:27:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 22:27:14 +0200 Subject: [SEC] [SA40096] IBM WebSphere Application Server for z/OS Multiple Vulnerabilities Message-ID: <201006092027.o59KRE0O000832@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: IBM WebSphere Application Server for z/OS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40096 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40096/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40096 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40096/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40096/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40096 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged multiple vulnerabilities in IBM WebSphere Application Server for z/OS, which can be exploited by malicious, local users to potentially disclose sensitive information and by malicious people to disclose potentially sensitive information, manipulate certain data, conduct cross-site scripting attacks, and cause a DoS (Denial of Service). 1) Sensitive information can be disclosed when SIP (Session Initiation Protocol) tracing is enabled. For more information see vulnerability #1: SA39628 2) Sensitive information may be written to the "default_create.log" file when a profile is created using zPMT and the BBOWWPFx job completes on the target system. 3) An unspecified error can be exploited to inject links. No further information is currently available. 4) An error in multi-threaded Multi-Processing Module (MPM) can be exploited to disclose potentially sensitive information. For more information see vulnerability #3: SA38776 5) Certain unspecified input is not properly sanitised in the administrative console before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 6) A vulnerability in mod_proxy_ajp module can be exploited to cause a DoS (Denial of Service). For more information see vulnerability #1: SA38776 NOTE: Certain sensitive information may also be disclosed during node federation using the addNode "-trace" option. SOLUTION: Apply APARs PM08892, PM08939, PM09250, PM10270, PM10684, and PM11778 or update to Fix Pack 11 (7.0.0.11) when it becomes available. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (PM08892, PM08939, PM09250, PM10270, PM10684, PM11778, PM15829, and PM15830): http://www-01.ibm.com/support/docview.wss?uid=swg1PM08892 http://www-01.ibm.com/support/docview.wss?uid=swg1PM08939 http://www-01.ibm.com/support/docview.wss?uid=swg1PM10270 http://www-01.ibm.com/support/docview.wss?uid=swg1PM10684 http://www-01.ibm.com/support/docview.wss?uid=swg1PM15829 http://www-01.ibm.com/support/docview.wss?uid=swg1PM15830 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 9 14:20:57 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 23:20:57 +0200 Subject: [SEC] [SA40122] MCLogin System "myusername" SQL Injection Vulnerability Message-ID: <201006092120.o59LKvHF023091@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: MCLogin System "myusername" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA40122 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40122/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40122 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40122/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40122/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40122 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in MCLogin System, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "myusername" parameter to login_index.php (when "action" is set to "do_login") is not properly sanitised before being used in SQL queries in class/login_class.php. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: L0rd CrusAd3r OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 9 14:43:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Jun 2010 23:43:43 +0200 Subject: [SEC] [SA40101] HP OpenView Network Node Manager Buffer Overflow Vulnerabilities Message-ID: <201006092143.o59LhhTn011492@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: HP OpenView Network Node Manager Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA40101 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40101/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40101 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40101/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40101/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40101 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in HP OpenView Network Node Manager, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error when creating an error message within ovwebsnmpsrv.exe can be exploited to cause a buffer overflow via a specially crafted HTTP request sent to the "jovgraph.exe" CGI program. 2) A boundary error within "getProxiedStorageAddress()" in ovutil.dll can be exploited to cause a buffer overflow via overly large values passed to variables in an HTTP request sent to the "jovgraph.exe" CGI program. The vulnerabilities are reported in HP OpenView Network Node Manager 7.51 and 7.53 running on HP-UX, Linux, Solaris, and Windows. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: An anonymous person, reported via ZDI. ORIGINAL ADVISORY: HP (HPSBMA02537 SSRT010027): https://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02217439 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-105/ http://www.zerodayinitiative.com/advisories/ZDI-10-106/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 9 15:09:56 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Jun 2010 00:09:56 +0200 Subject: [SEC] [SA40126] Fedora update for ircd-ratbox Message-ID: <201006092209.o59M9utP032539@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Fedora update for ircd-ratbox SECUNIA ADVISORY ID: SA40126 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40126/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40126 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40126/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40126/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40126 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for ircd-ratbox. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA38210 SOLUTION: Apply updated packages using the yum utility ("yum update ircd-ratbox"). ORIGINAL ADVISORY: FEDORA-2010-9312: http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042574.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 9 15:23:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Jun 2010 00:23:26 +0200 Subject: [SEC] [SA40123] Fedora update for exim Message-ID: <201006092223.o59MNQ22020519@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Fedora update for exim SECUNIA ADVISORY ID: SA40123 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40123/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40123 RELEASE DATE: 2010-06-10 DISCUSS ADVISORY: http://secunia.com/advisories/40123/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40123/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40123 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for exim. This fixes two weaknesses, which can be exploited by malicious, local users to perform certain actions with escalated privileges. For more information: SA40019 SOLUTION: Apply updated packages using the yum utility ("yum update exim"). ORIGINAL ADVISORY: FEDORA-2010-9506: http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042587.html FEDORA-2010-9524: http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042613.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 9 15:44:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Jun 2010 00:44:28 +0200 Subject: [SEC] [SA40124] Fedora update for xinha Message-ID: <201006092244.o59MiSAL008845@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Fedora update for xinha SECUNIA ADVISORY ID: SA40124 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40124/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40124 RELEASE DATE: 2010-06-10 DISCUSS ADVISORY: http://secunia.com/advisories/40124/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40124/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40124 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for xinha. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA39782 SOLUTION: Apply updated packages using the yum utility ("yum update xinha"). ORIGINAL ADVISORY: FEDORA-2010-9320: http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042577.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 9 16:10:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Jun 2010 01:10:44 +0200 Subject: [SEC] [SA40125] Fedora update for ircd-hybrid Message-ID: <201006092310.o59NAi4v029790@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Fedora update for ircd-hybrid SECUNIA ADVISORY ID: SA40125 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40125/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40125 RELEASE DATE: 2010-06-10 DISCUSS ADVISORY: http://secunia.com/advisories/40125/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40125/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40125 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for ircd-hybrid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA38381 SOLUTION: Apply updated packages using the yum utility ("yum update ircd-hybrid"). ORIGINAL ADVISORY: FEDORA-2010-9312: http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042575.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 9 16:42:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Jun 2010 01:42:58 +0200 Subject: [SEC] [SA40113] Rayzz Photoz "profileCommentTextArea" Script Insertion Vulnerability Message-ID: <201006092342.o59NgwFg018623@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Rayzz Photoz "profileCommentTextArea" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA40113 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40113/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40113 RELEASE DATE: 2010-06-10 DISCUSS ADVISORY: http://secunia.com/advisories/40113/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40113/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40113 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Rayzz Photoz, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "profileCommentTextArea" parameter to members/profileCommentsResponse.php is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Sid3^effects aKa HaRi OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 9 16:55:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Jun 2010 01:55:04 +0200 Subject: [SEC] [SA40095] SilverStripe File Renaming Security Issue Message-ID: <201006092355.o59Nt4KF006538@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: SilverStripe File Renaming Security Issue SECUNIA ADVISORY ID: SA40095 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40095/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40095 RELEASE DATE: 2010-06-10 DISCUSS ADVISORY: http://secunia.com/advisories/40095/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40095/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40095 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in SilverStripe, which can be exploited by malicious users to compromise a vulnerable system. The security issue is caused due an error while renaming uploaded files. This can be exploited to rename and assign an arbitrary extension to a file. Successful exploitation requires "Files & Images" permissions and allows to execute arbitrary PHP code if support for .htaccess files is disabled or the "AllowOverride" directive does not specify "FileInfo". The security issue is confirmed in version 2.4.0. Other versions may also be affected. SOLUTION: Grant only trusted users "Files & Images" permissions. PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://cross-site-scripting.blogspot.com/2010/06/silverstripe-cms-240-arbitrary-upload.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 9 17:10:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Jun 2010 02:10:37 +0200 Subject: [SEC] [SA39942] odCMS Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities Message-ID: <201006100010.o5A0Abpe027011@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: odCMS Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities SECUNIA ADVISORY ID: SA39942 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39942/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39942 RELEASE DATE: 2010-06-10 DISCUSS ADVISORY: http://secunia.com/advisories/39942/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39942/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39942 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Russ McRee has discovered multiple vulnerabilities in odCMS, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) Input passed to the "Page" parameter in _main/index.php, _members/index.php, _forum/index.php, _docs/index.php, and _announcements/index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the administrator's password by tricking a logged in administrator into visiting a malicious web site. The vulnerabilities are confirmed in version 1.06. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Do not browse untrusted sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: Reported by Russ McRee via Secunia. ORIGINAL ADVISORY: Russ McRee (HIO-2010-0523): http://holisticinfosec.org/content/view/146/45/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jun 9 17:23:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Jun 2010 02:23:38 +0200 Subject: [SEC] [SA40072] Google Chrome Multiple Vulnerabilities Message-ID: <201006100023.o5A0NcRi014971@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40072 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40072/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40072 RELEASE DATE: 2010-06-10 DISCUSS ADVISORY: http://secunia.com/advisories/40072/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40072/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40072 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, disclose potentially sensitive information, or potentially compromise a vulnerable system. 1) An unspecified error exists related to cross-origin keystroke redirection. No further information is currently available. 2) An unspecified error can be exploited to bypass cross-origin restrictions in DOM methods. 3) An unspecified error related to table layouts can be exploited to corrupt memory. 4) An unspecified error can be exploited to escape the sandbox on the Linux platform. 5) An unspecified error exists related to a stale pointer. No further information is currently available. 6) An unspecified error related to DOM node normalisation can be exploited to corrupt memory. 7) An unspecified error related to text transforms can be exploited to corrupt memory. 8) An error related to the "innerHTML" property of textarea can be exploited to conduct cross-site scripting attacks. 9) An unspecified error related to font handling can be exploited to corrupt memory. 10) An unspecified error exists due to Geolocation events firing after document deletion. No further information is currently available. 11) An unspecified error related to the rendering of list markers can be exploited to corrupt memory. The vulnerabilities are reported in versions prior to 5.0.375.70. SOLUTION: Update to version 5.0.375.70. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Michal Zalewski, Google Security Team 2) Sergey Glazunov 3, 7) wushi of team509 4, 5, 6) Mark Dowd 8) sirdarckcat, Google Security Team 9, 11) Apple 10) Google Chrome Security Team (Justin Schuh) ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 10 10:26:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Jun 2010 19:26:51 +0200 Subject: [SEC] [SA40137] Nuggetz CMS Cross-Site Request Forgery Vulnerability Message-ID: <201006101726.o5AHQpT5010026@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Nuggetz CMS Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA40137 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40137/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40137 RELEASE DATE: 2010-06-10 DISCUSS ADVISORY: http://secunia.com/advisories/40137/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40137/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40137 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Nuggetz CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the contents of the website when a logged in administrative user visits a specially crafted web site. NOTE: This can further be exploited to conduct script insertion attacks. The vulnerability is confirmed in version 1.0.2. Other versions may also be affected. SOLUTION: Update to Nuggetz CMS 1.0.3. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge ORIGINAL ADVISORY: Nuggetz CMS: http://www.nuggetz.co.uk/versionhistory.htm High-Tech Bridge: http://www.htbridge.ch/advisory/xss_vulnerability_in_nuggetz_cms.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 10 11:26:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Jun 2010 20:26:43 +0200 Subject: [SEC] [SA40139] Webmedia Explorer Cross-Site Request Forgery Vulnerability Message-ID: <201006101826.o5AIQhxX032495@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Webmedia Explorer Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA40139 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40139/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40139 RELEASE DATE: 2010-06-10 DISCUSS ADVISORY: http://secunia.com/advisories/40139/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40139/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40139 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in Webmedia Explorer, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. create a new article by tricking the administrator into visiting a malicious web site. NOTE: This can further be exploited to conduct script insertion attacks. The vulnerability is confirmed in version 6.10.4. Other versions may also be affected. SOLUTION: Do not browse untrusted websites or follow untrusted links while logged in to the application. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/xss_vulnerability_in_webmedia_explorer.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 10 12:27:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Jun 2010 21:27:04 +0200 Subject: [SEC] [SA40136] FlatnuX CMS Cross-Site Request Forgery and Script Insertion Vulnerabilities Message-ID: <201006101927.o5AJR4XK022608@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: FlatnuX CMS Cross-Site Request Forgery and Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA40136 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40136/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40136 RELEASE DATE: 2010-06-10 DISCUSS ADVISORY: http://secunia.com/advisories/40136/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40136/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40136 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered some vulnerabilities in FlatnuX CMS, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks. 1) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. add an administrative user tricking a logged in administrator into visiting a malicious web site. 2) Input passed via the "head" parameter to index.php (when "mod" is set to "news") is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerabilities are confirmed in version 2010-06-09. Other versions may also be affected. SOLUTION: Do not browse untrusted websites or follow untrusted links while logged in to the application. Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/xss_vulnerability_in_flatnux_cms.html http://www.htbridge.ch/advisory/xss_vulnerability_in_flatnux_cms_news_module.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 10 13:26:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Jun 2010 22:26:54 +0200 Subject: [SEC] [SA40121] Debian update for glibc and eglibc Message-ID: <201006102026.o5AKQsYf012688@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Debian update for glibc and eglibc SECUNIA ADVISORY ID: SA40121 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40121/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40121 RELEASE DATE: 2010-06-10 DISCUSS ADVISORY: http://secunia.com/advisories/40121/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40121/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40121 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for glibc and eglibc. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious people to potentially compromise a vulnerable system. 1) Integer overflows in the libc "strfmon()" function can be exploited to cause a crash or potentially execute arbitrary code via specially crafted format specifiers. 2) The mntent function family does not correctly handle newlines characters. This can be exploited to e.g. cause a DoS or gain escalated privileges, but requires that an attacker can inject newline characters into a mount entry (e.g. via vulnerable mount helpers). 3) A signedness error when processing certain ELF headers can be exploited to e.g. execute arbitrary code via a specially crafted ELF file. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Maksymilian Arciemowicz 2) Jeff Layton and Dan Rosenberg 3) Dan Rosenberg ORIGINAL ADVISORY: DSA-2058-1: http://lists.debian.org/debian-security-announce/2010/msg00101.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 10 14:21:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Jun 2010 23:21:17 +0200 Subject: [SEC] [SA40103] Linksys WAP54G Undocumented Debug Interface Vulnerability Message-ID: <201006102121.o5ALLHUZ002498@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Linksys WAP54G Undocumented Debug Interface Vulnerability SECUNIA ADVISORY ID: SA40103 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40103/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40103 RELEASE DATE: 2010-06-10 DISCUSS ADVISORY: http://secunia.com/advisories/40103/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40103/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40103 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Cristofaro Mune has reported a vulnerability in Linksys WAP54G, which can be exploited by malicious people to compromise a vulnerable device. The vulnerability is caused due to the device containing the undocumented "Debug_command_page.asp" and "debug.cgi" debug scripts. This can be exploited to e.g. gain root access by accessing the debug scripts using hard-coded credentials. The vulnerability is reported in version 3.05.03 and 3.04.03. Note: Reportedly, this only affects devices running a firmware approved for EMEA (Europe, Middle East, and Africa). Thus, devices sold in the USA or running US firmware versions are not affected. SOLUTION: Restrict access using a proxy or firewall. PROVIDED AND/OR DISCOVERED BY: Cristofaro Mune ORIGINAL ADVISORY: http://www.icysilence.org/?p=268 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jun 10 14:46:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Jun 2010 23:46:32 +0200 Subject: [SEC] [SA40093] Cisco Application Extension Platform Privilege Escalation Vulnerability Message-ID: <201006102146.o5ALkWmb023542@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Cisco Application Extension Platform Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA40093 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40093/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40093 RELEASE DATE: 2010-06-10 DISCUSS ADVISORY: http://secunia.com/advisories/40093/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40093/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40093 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco Application Extension Platform, which can be exploited by malicious users to gain escalated privileges. The vulnerability is caused due to Cisco AXP users being able to use an application programming interface (API) to execute commands on the Cisco ISR and gain access to the ISR device. The vulnerability is reported in version 1.1 and version 1.1.5 if updated from version 1.1. SOLUTION: Update to version 1.1.7. PROVIDED AND/OR DISCOVERED BY: The vendor credit