From sec-adv at secunia.com Mon Nov 1 11:30:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 1 Nov 2010 19:30:13 +0100 Subject: [SEC] [SA42063] Elastix Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201011011830.oA1IUDDj014993@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Elastix Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42063 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42063/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42063 RELEASE DATE: 2010-11-01 DISCUSS ADVISORY: http://secunia.com/advisories/42063/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42063/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42063 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in Elastix, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "nombre_paquete" parameter (when "menu" is set to "packages"), the "usersnum" parameter (when "display" is set to "recordings" and "menu" is set to "pbxconfig"), the "field_pattern" parameter (when "menu" is set to "cdrreport"), via the "busqueda" parameter (when "menu" is set to "asterisk_log"), via the "value_fil" parameter (when "menu" is set to "summary_by_extension"), via the "id" parameter (when "action" is set to "view" and "menu" is set to "grouplist"), and via the "filter_resource" parameter (when "menu" is set to "group_permission") to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 2.0.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: dave b ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0510.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 1 12:29:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 1 Nov 2010 20:29:54 +0100 Subject: [SEC] [SA42084] GVim Insecure Library Loading Vulnerability Message-ID: <201011011929.oA1JTsrl005245@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: GVim Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA42084 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42084/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42084 RELEASE DATE: 2010-11-01 DISCUSS ADVISORY: http://secunia.com/advisories/42084/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42084/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42084 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in GVim, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. python27.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a TXT file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code, but requires that files are opened via the Windows Explorer "Open With" menu and invoking the Python interface via the ":py" command. The vulnerability is confirmed in version 7.3. Other versions may also be affected. SOLUTION: Update to version 7.3.46. PROVIDED AND/OR DISCOVERED BY: JVN credits Makoto Shiotsuki. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 1 13:29:52 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 1 Nov 2010 21:29:52 +0100 Subject: [SEC] [SA42070] Project Jug Directory Traversal Vulnerability Message-ID: <201011012029.oA1KTq5k027951@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Project Jug Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA42070 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42070/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42070 RELEASE DATE: 2010-11-01 DISCUSS ADVISORY: http://secunia.com/advisories/42070/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42070/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42070 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Project Jug, which can be exploited by malicious people to disclose sensitive information. Input passed via the URL is not properly verified before being used to read files. This can be exploited to read arbitrary files via directory traversal attacks (e.g. ".../"). The vulnerability is confirmed in version 1.0.0.0. Other versions may also be affected. SOLUTION: Use a proxy to filter malicious requests. PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://www.johnleitch.net/Vulnerabilities/Project.Jug.Directory.Traversal/54 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 1 14:29:56 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 1 Nov 2010 22:29:56 +0100 Subject: [SEC] [SA42080] SmartOptimizer Source Code Disclosure Vulnerability Message-ID: <201011012129.oA1LTtRZ018227@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SmartOptimizer Source Code Disclosure Vulnerability SECUNIA ADVISORY ID: SA42080 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42080/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42080 RELEASE DATE: 2010-11-01 DISCUSS ADVISORY: http://secunia.com/advisories/42080/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42080/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42080 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Francois Harvey has reported a vulnerability in SmartOptimizer, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an error within the handling of HTTP requests containing a NULL character ("%00") and can be exploited to disclose the source code of certain scripts (e.g. .PHP) by including "%00" in the request. The vulnerability is reported in version 1.7. Other versions may also be affected. SOLUTION: Update to version 1.8. PROVIDED AND/OR DISCOVERED BY: Francois Harvey ORIGINAL ADVISORY: SmartOptimizer: http://farhadi.ir/works/smartoptimizer Francois Harvey: http://francoisharvey.ca/2010/10/meds-2010-5-injection-de-null-dans-smartoptimizer/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 1 15:23:56 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 1 Nov 2010 23:23:56 +0100 Subject: [SEC] [SA42068] Home File Share Server Directory Traversal Vulnerability Message-ID: <201011012223.oA1MNupO008254@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Home File Share Server Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA42068 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42068/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42068 RELEASE DATE: 2010-11-01 DISCUSS ADVISORY: http://secunia.com/advisories/42068/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42068/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42068 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Home File Share Server, which can be exploited by malicious users to disclose sensitive information. Input passed via the URL is not properly verified before being used to read files. This can be exploited to read arbitrary files via directory traversal attacks. The vulnerability is confirmed in version 0.7.2.32. Other versions may also be affected. SOLUTION: Use a proxy to filter malicious requests. PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://www.johnleitch.net/Vulnerabilities/Home.File.Share.Server.0.7.2.32.Directory.Traversal/55 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 1 15:45:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 1 Nov 2010 23:45:05 +0100 Subject: [SEC] [SA42066] Yaws Directory Traversal Vulnerability Message-ID: <201011012245.oA1Mj5xh029181@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Yaws Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA42066 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42066/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42066 RELEASE DATE: 2010-11-01 DISCUSS ADVISORY: http://secunia.com/advisories/42066/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42066/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42066 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Yaws, which can be exploited by malicious people to disclose sensitive information. Input passed via the URL is not properly verified before being used to read files. This can be exploited to read arbitrary files via directory traversal attacks. Note: This may only affect the Windows version. The vulnerability is confirmed in version 1.89 on Windows. Other versions may also be affected. SOLUTION: Use a proxy to filter malicious requests. PROVIDED AND/OR DISCOVERED BY: Alejandro Hernandez H. ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15371/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 1 16:16:55 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 2 Nov 2010 00:16:55 +0100 Subject: [SEC] [SA42083] IBM Tivoli Directory Proxy Server Denial of Service Vulnerability Message-ID: <201011012316.oA1NGtSh018296@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM Tivoli Directory Proxy Server Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42083 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42083/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42083 RELEASE DATE: 2010-11-01 DISCUSS ADVISORY: http://secunia.com/advisories/42083/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42083/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42083 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM Tivoli Directory Server, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a use-after-free error when processing paged search results and can be exploited to cause the process to crash by requesting an unbind operation. Successful exploitation requires the server to be configured as a Proxy server. The vulnerability is reported in version 6.1 prior to Fix Pack 5. SOLUTION: Update to version 6.1 Fix Pack 5 (6.1.0-TIV-ITDS-FP0005) or apply APAR IO13282. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (IO13282): http://www.ibm.com/support/docview.wss?uid=swg1IO13282 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 1 16:47:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 2 Nov 2010 00:47:38 +0100 Subject: [SEC] [SA42073] Joomla! Flip Wall Component "catid" SQL Injection Vulnerability Message-ID: <201011012347.oA1Nlc8B007259@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Joomla! Flip Wall Component "catid" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42073 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42073/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42073 RELEASE DATE: 2010-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/42073/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42073/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42073 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Flip Wall component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "catid" parameter to index.php (when "option" is set to "com_flipwall" and "controller" is set to "flipwall") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 1.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Fl0riX OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 1 17:13:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 2 Nov 2010 01:13:30 +0100 Subject: [SEC] [SA42051] Xerox 4595 Copier/Printer Denial of Service Vulnerability Message-ID: <201011020013.oA20DUUh028423@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Xerox 4595 Copier/Printer Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42051 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42051/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42051 RELEASE DATE: 2010-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/42051/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42051/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42051 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Xerox has acknowledged a vulnerability in Xerox 4595 Copier/Printer, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error, which can be exploited to cause the device to restart. Note: Successful exploitation requires that the product is connected to a network. SOLUTION: Update to firmware version 1.224.255 (requires assistance of a Xerox Customer Support Engineer). Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits chap0, Corelan Team ORIGINAL ADVISORY: XRX10-004: http://www.xerox.com/downloads/usa/en/c/cert_XRX10-004_v1.0.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 1 17:46:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 2 Nov 2010 01:46:51 +0100 Subject: [SEC] [SA42054] Fedora update for gnucash Message-ID: <201011020046.oA20kp8l017493@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for gnucash SECUNIA ADVISORY ID: SA42054 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42054/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42054 RELEASE DATE: 2010-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/42054/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42054/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42054 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for gnucash. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA42048 SOLUTION: Apply updated packages using the yum utility ("yum update gnucash"). ORIGINAL ADVISORY: FEDORA-2010-16622: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050164.html FEDORA-2010-16605: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050177.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 1 18:15:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 2 Nov 2010 02:15:02 +0100 Subject: [SEC] [SA42052] ProFTPD Directory Traversal and Buffer Overflow Vulnerabilities Message-ID: <201011020115.oA21F2K7006348@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: ProFTPD Directory Traversal and Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA42052 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42052/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42052 RELEASE DATE: 2010-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/42052/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42052/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42052 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in ProFTPD, which can be exploited by malicious users to manipulate certain data and malicious people to compromise a vulnerable system. 1) A logic error within the "pr_netio_telnet_gets()" function in src/netio.c when processing user input containing the Telnet IAC (Interpret As Command) escape sequence can be exploited to cause a stack-based buffer overflow by sending specially crafted input to the FTP or FTPS service. Successful exploitation may allow execution of arbitrary code. 2) An input validation error within the "mod_site_misc" module can be exploited to e.g. create and delete directories, create symlinks, and change the time of files located outside a writable directory. Successful exploitation requires that ProFTPD is compiled with the "mod_site_misc" module and the attacker has write access to a directory. SOLUTION: Update to version 1.3.3c. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits an anonymous person via ZDI. 2) The vendor credits an anonymous person via SecuriTeam Secure Disclosure program. ORIGINAL ADVISORY: http://www.proftpd.org/docs/NEWS-1.3.3c 1) http://bugs.proftpd.org/show_bug.cgi?id=3521 2) http://bugs.proftpd.org/show_bug.cgi?id=3519 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 1 18:44:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 2 Nov 2010 02:44:54 +0100 Subject: [SEC] [SA42078] Smallftpd Directory Traversal Vulnerability Message-ID: <201011020144.oA21is6Y027668@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Smallftpd Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA42078 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42078/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42078 RELEASE DATE: 2010-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/42078/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42078/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42078 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Smallftpd, which can be exploited by malicious users to disclose sensitive information. The vulnerability is caused due to an input validation error when downloading files and can be exploited to disclose the contents of arbitrary files via directory traversal attacks. The vulnerability is confirmed in version 1.0.3-fix. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Pr0T3cT10n ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15358/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 1 19:10:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 2 Nov 2010 03:10:09 +0100 Subject: [SEC] [SA42006] WordPress cformsII Plugin "rs" and "rsargs" Script Insertion Vulnerabilities Message-ID: <201011020210.oA22A9Ig016384@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WordPress cformsII Plugin "rs" and "rsargs" Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA42006 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42006/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42006 RELEASE DATE: 2010-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/42006/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42006/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42006 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Wagner Elias has reported some vulnerabilities in the cformsII plugin for WordPress, which can be exploited by malicious people to conduct script insertion attacks. Input passed via the "rs" and "rsargs" parameters to wp-content/plugins/cforms/lib_ajax.php is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerabilities are reported in version 11.5. Other versions may also be affected. SOLUTION: Update to version 11.6.1 or later. PROVIDED AND/OR DISCOVERED BY: Wagner Elias, Conviso IT Security. ORIGINAL ADVISORY: http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 1 19:24:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 2 Nov 2010 03:24:44 +0100 Subject: [SEC] [SA42072] Joomla! Sponsor Wall Component "catid" SQL Injection Vulnerability Message-ID: <201011020224.oA22OipF004609@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Joomla! Sponsor Wall Component "catid" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42072 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42072/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42072 RELEASE DATE: 2010-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/42072/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42072/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42072 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Sponsor Wall component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "catid" parameter to index.php (when "option" is set to "com_sponsorwall" and "controller" is set to "sponsorwall") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 1.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Fl0riX OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 1 19:45:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 2 Nov 2010 03:45:23 +0100 Subject: [SEC] [SA42056] Fedora update for firefox and xulrunner Message-ID: <201011020245.oA22jNo1025539@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for firefox and xulrunner SECUNIA ADVISORY ID: SA42056 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42056/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42056 RELEASE DATE: 2010-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/42056/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42056/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42056 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for firefox and xulrunner. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and potentially compromise a user's system. For more information: SA41244 SA41975 SOLUTION: Apply updated packages using the yum utility ("yum update firefox xulrunner"). ORIGINAL ADVISORY: FEDORA-2010-16885: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050153.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050156.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 1 20:14:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 2 Nov 2010 04:14:43 +0100 Subject: [SEC] [SA42055] Fedora update for glibc Message-ID: <201011020314.oA23EhK5014943@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for glibc SECUNIA ADVISORY ID: SA42055 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42055/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42055 RELEASE DATE: 2010-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/42055/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42055/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42055 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for glibc. This fixes two weaknesses, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA41795 SOLUTION: Apply updated packages using the yum utility ("yum update glibc"). ORIGINAL ADVISORY: FEDORA-2010-16641: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050175.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 1 20:43:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 2 Nov 2010 04:43:51 +0100 Subject: [SEC] [SA42053] ACDSee Canvas Insecure Library Loading Vulnerability Message-ID: <201011020343.oA23hpM8003818@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: ACDSee Canvas Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA42053 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42053/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42053 RELEASE DATE: 2010-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/42053/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42053/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42053 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in ACDSee Canvas, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. DWMAPI.dll, Wintab32.dll, and CV11-DialogEditor.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a CVX file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 12 Build 1389. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: APA-IUTcert Vulnerability Analysis Team OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 1 21:08:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 2 Nov 2010 05:08:43 +0100 Subject: [SEC] [SA42048] GnuCash LD_LIBRARY_PATH Security Issue Message-ID: <201011020408.oA248hi2024937@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: GnuCash LD_LIBRARY_PATH Security Issue SECUNIA ADVISORY ID: SA42048 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42048/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42048 RELEASE DATE: 2010-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/42048/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42048/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42048 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in GnuCash, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to the src/gnc-test-env script incorrectly setting the environment variable LD_LIBRARY_PATH. This can be exploited to gain escalated privileges e.g. by tricking a user into running the script in a directory containing a malicious library. The security issue is reported in version 2.2.9. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Ludwig Nussel ORIGINAL ADVISORY: Red Hat Bug #644933: https://bugzilla.redhat.com/show_bug.cgi?id=644933 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 2 11:29:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 2 Nov 2010 19:29:33 +0100 Subject: [SEC] [SA42058] XWiki Enterprise Cross-Site Scripting and SQL Injection Vulnerabilities Message-ID: <201011021829.oA2ITXFA018894@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: XWiki Enterprise Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA42058 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42058/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42058 RELEASE DATE: 2010-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/42058/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42058/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42058 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in XWiki Enterprise, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in versions prior to 2.5. SOLUTION: Update to version 2.5. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.xwiki.org/xwiki/bin/view/Main/ReleaseNotesXWikiEnterprise25#HSecurityimprovements OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 2 12:30:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 2 Nov 2010 20:30:14 +0100 Subject: [SEC] [SA42090] XWiki Watch Cross-Site Scripting and Script Insertion Vulnerabilities Message-ID: <201011021930.oA2JUE8t009209@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: XWiki Watch Cross-Site Scripting and Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA42090 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42090/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42090 RELEASE DATE: 2010-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/42090/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42090/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42090 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: icetek has discovered some vulnerabilities in XWiki Watch, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks. 1) Input passed via the "rev" parameter to e.g. xwiki/bin/viewrev/Main/WebHome or xwiki/bin/view/Blog is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "register_first_name" and "register_last_name" parameters to xwiki/bin/register/XWiki/Register is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerabilities are confirmed in version 1.0. Other versions may also be affected. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: icetek OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 2 13:30:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 2 Nov 2010 21:30:04 +0100 Subject: [SEC] [SA42065] Douran Portal Information Disclosure Weakness and Cross-Site Scripting Message-ID: <201011022030.oA2KU4C1031881@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Douran Portal Information Disclosure Weakness and Cross-Site Scripting SECUNIA ADVISORY ID: SA42065 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42065/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42065 RELEASE DATE: 2010-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/42065/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42065/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42065 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability and a weakness have been reported in Douran Portal, which can be exploited by malicious people to disclose potentially sensitive information and conduct cross-site scripting attacks. 1) The weakness is caused due to the "security/DeviceInfo.aspx" script disclosing the full installation path via an error message when accessed directly. 2) Input passed via the "itemtitle" parameter to the "DesktopModules/Gallery/OrderForm.aspx" script is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in version 3.9.7.55. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences via a proxy. Restrict access to security/DeviceInfo.aspx (e.g. via Web.config). PROVIDED AND/OR DISCOVERED BY: ItSecTeam OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 2 14:30:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 2 Nov 2010 22:30:13 +0100 Subject: [SEC] [SA42067] Monkeysphere "monkeysphere-authentication" Privilege Escalation Vulnerability Message-ID: <201011022130.oA2LUDwC022173@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Monkeysphere "monkeysphere-authentication" Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA42067 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42067/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42067 RELEASE DATE: 2010-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/42067/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42067/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42067 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Monkeysphere, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The vulnerability is caused due to an input validation error in the "monkeysphere-authentication" utility when processing the "authorized_user_ids" file and can be exploited to execute arbitrary shell commands by e.g. tricking an administrator into running the utility with the "keys-for-user" command. The vulnerability is reported in version 0.31 and 0.32. SOLUTION: Update to version 0.33 or later. PROVIDED AND/OR DISCOVERED BY: Reported by Mike O'Connor in a bug report. ORIGINAL ADVISORY: http://web.monkeysphere.info/news/CVE-2010-4096/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 2 15:24:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 2 Nov 2010 23:24:17 +0100 Subject: [SEC] [SA42057] MemHT Portal "Referer" HTTP Header SQL Injection Vulnerability Message-ID: <201011022224.oA2MOHIX012197@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: MemHT Portal "Referer" HTTP Header SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42057 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42057/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42057 RELEASE DATE: 2010-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/42057/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42057/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42057 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in MemHT Portal, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "Referer" HTTP header to e.g. index.php is not properly sanitised in inc/inc_getinfo.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerability is reported in versions 4.0.1 and prior. SOLUTION: The vendor has released an updated version 4.0.1, which fixes the vulnerability. PROVIDED AND/OR DISCOVERED BY: The vendor credits goffi. ORIGINAL ADVISORY: MemHT Portal: http://www.memht.com/news_136_Small-fix-for-MemHT-Portal-4-0-1.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 2 15:45:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 2 Nov 2010 23:45:10 +0100 Subject: [SEC] [SA42046] AVG Internet Security IOCTL Handling Denial of Service Message-ID: <201011022245.oA2MjAXQ000647@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: AVG Internet Security IOCTL Handling Denial of Service SECUNIA ADVISORY ID: SA42046 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42046/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42046 RELEASE DATE: 2010-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/42046/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42046/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42046 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in AVG Internet Security, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the avgtdix.sys driver when processing IOCTLs. This can be exploited to corrupt kernel memory and cause a crash via a specially crafted 0x830020C8 IOCTL. The vulnerability is reported in AVG Internet Security version 9.0.851 and 9.0.864 and avgtdix.sys version 9.0.0.832. Other versions may also be affected. SOLUTION: Restrict access to trusted users. PROVIDED AND/OR DISCOVERED BY: Nikita Tarakanov, CISS Research Team ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15384/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 2 16:16:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 3 Nov 2010 00:16:53 +0100 Subject: [SEC] [SA42050] Kandidat CMS Multiple Vulnerabilities Message-ID: <201011022316.oA2NGrao022224@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Kandidat CMS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42050 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42050/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42050 RELEASE DATE: 2010-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/42050/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42050/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42050 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in Kandidat CMS, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) Input passed via the "title" POST parameter to admin/edit.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The application allows users to perform certain actions via HTTP requests without properly verifying the requests. This can be exploited to e.g. change the administrator password by tricking an administrator into visiting a malicious web site while being logged in to the application. NOTE: This can further be exploited to conduct script insertion attacks. The vulnerabilities are confirmed in version 1.4.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Do not browse untrusted web sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA Additional information provided by Secunia Research. ORIGINAL ADVISORY: HTB22649: http://www.htbridge.ch/advisory/xss_vulnerability_in_kandidat_cms_1.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 2 16:47:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 3 Nov 2010 00:47:01 +0100 Subject: [SEC] [SA42026] Debian update for xulrunner Message-ID: <201011022347.oA2Nl1CG011159@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Debian update for xulrunner SECUNIA ADVISORY ID: SA42026 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42026/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42026 RELEASE DATE: 2010-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/42026/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42026/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42026 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for xulrunner. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system. For more information: SA41244 SA41957 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA 2124-1: http://lists.debian.org/debian-security-announce/2010/msg00174.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 2 17:13:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 3 Nov 2010 01:13:08 +0100 Subject: [SEC] [SA42062] WSN Links Multiple SQL Injection Vulnerabilities Message-ID: <201011030013.oA30D8mk032327@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WSN Links Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA42062 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42062/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42062 RELEASE DATE: 2010-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/42062/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42062/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42062 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in WSN Links, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "namecondition" and "namesearch" parameters to search.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in versions prior to 6.0.1. SOLUTION: Update to version 6.0.1 or later. PROVIDED AND/OR DISCOVERED BY: Mark Stanislav ORIGINAL ADVISORY: Mark Stanislav: http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0512.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 2 17:45:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 3 Nov 2010 01:45:16 +0100 Subject: [SEC] [SA42089] MemHT Portal Cross-Site Request Forgery Vulnerability Message-ID: <201011030045.oA30jGnf021352@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: MemHT Portal Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA42089 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42089/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42089 RELEASE DATE: 2010-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/42089/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42089/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42089 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in MemHT Portal, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the site configuration, edit user profile, or add an arbitrary article by tricking a logged in administrative user into visiting a malicious web site. NOTE: This can further be exploited to conduct script insertion attacks. The vulnerability is confirmed in version 4.0.1. Other versions may also be affected. SOLUTION: Do not browse untrusted web sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA Additional information provided by Secunia Research. ORIGINAL ADVISORY: HTB22662: http://www.htbridge.ch/advisory/xss_vulnerability_in_memht_portal.html HTB22664: http://www.htbridge.ch/advisory/xss_vulnerability_in_memht_portal_1.html HTB22663: http://www.htbridge.ch/advisory/stored_xss_cross_site_scripting_vulnerability_in_memht_portal.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 2 18:12:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 3 Nov 2010 02:12:32 +0100 Subject: [SEC] [SA42059] Intel Xeon 5500 / 5600 Series BMC Firmware Privilege Escalation Vulnerability Message-ID: <201011030112.oA31CW2G010173@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Intel Xeon 5500 / 5600 Series BMC Firmware Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA42059 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42059/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42059 RELEASE DATE: 2010-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/42059/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42059/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42059 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Intel Xeon 5500 and 5600 Series BMC Firmware, which can be exploited by malicious users to gain escalated privileges. The vulnerability is caused due to an unspecified error and can be exploited to escalate privileges and e.g. deny service to other users. No further information is currently available. The vulnerability is reported in versions prior to 00.53. SOLUTION: Update to version 00.53. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00026&languageid=en-fr OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 2 18:45:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 3 Nov 2010 02:45:00 +0100 Subject: [SEC] [SA42045] Debian update for nss Message-ID: <201011030145.oA31j0i2031620@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Debian update for nss SECUNIA ADVISORY ID: SA42045 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42045/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42045 RELEASE DATE: 2010-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/42045/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42045/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42045 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for nss. This fixes two vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks. For more information: SA41244 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA 2123-1: http://lists.debian.org/debian-security-announce/2010/msg00173.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 2 19:10:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 3 Nov 2010 03:10:06 +0100 Subject: [SEC] [SA42077] Fedora update for thunderbird and sunbird Message-ID: <201011030210.oA32A6tj020335@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for thunderbird and sunbird SECUNIA ADVISORY ID: SA42077 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42077/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42077 RELEASE DATE: 2010-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/42077/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42077/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42077 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for thunderbird and sunbird. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, and by malicious people to conduct spoofing attacks, bypass certain security restrictions, and potentially compromise a user's system. For more information: SA41244 SA41890 SA41975 SOLUTION: Apply updated packages using the yum utility ("yum update thunderbird sunbird"). ORIGINAL ADVISORY: FEDORA-2010-16941: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050216.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050217.html FEDORA-2010-16939: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050192.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050191.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 2 19:24:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 3 Nov 2010 03:24:12 +0100 Subject: [SEC] [SA42092] Advantage Data Architect Insecure Library Loading Vulnerability Message-ID: <201011030224.oA32OCrx008550@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Advantage Data Architect Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA42092 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42092/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42092 RELEASE DATE: 2010-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/42092/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42092/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42092 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Advantage Data Architect, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. wfapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a ADT file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 10.00.0.3. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Mister Teatime OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 2 19:45:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 3 Nov 2010 03:45:08 +0100 Subject: [SEC] [SA42075] Fedora update for pidgin Message-ID: <201011030245.oA32j8mC029466@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for pidgin SECUNIA ADVISORY ID: SA42075 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42075/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42075 RELEASE DATE: 2010-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/42075/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42075/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42075 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for pidgin. This fixes multiple weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA41893 SOLUTION: Apply updated packages using the yum utility ("yum update pidgin"). ORIGINAL ADVISORY: FEDORA-2010-16629: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050227.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 2 20:16:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 3 Nov 2010 04:16:53 +0100 Subject: [SEC] [SA42010] CometBird "document.write()" and DOM Insertion Vulnerability Message-ID: <201011030316.oA33GrPP018973@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: CometBird "document.write()" and DOM Insertion Vulnerability SECUNIA ADVISORY ID: SA42010 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42010/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42010 RELEASE DATE: 2010-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/42010/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42010/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42010 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in CometBird, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA41957 SOLUTION: Update to version 3.6.12. ORIGINAL ADVISORY: http://www.cometforums.com/forum-70/announcement-17-new-cometbird-version-3612-has-been-released/? OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 2 20:45:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 3 Nov 2010 04:45:14 +0100 Subject: [SEC] [SA42064] Red Hat update for pam Message-ID: <201011030345.oA33jEIh007834@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for pam SECUNIA ADVISORY ID: SA42064 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42064/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42064 RELEASE DATE: 2010-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/42064/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42064/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42064 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for pam. This fixes multiple security issues, which can be exploited by malicious, local users to disclose potentially sensitive information and perform certain actions with escalated privileges. For more information: SA40978 SA42088 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0819-1: https://rhn.redhat.com/errata/RHSA-2010-0819.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 2 21:10:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 3 Nov 2010 05:10:07 +0100 Subject: [SEC] [SA42012] Trend Micro Titanium Maximum Security 2011 IOCTL Handling Vulnerability Message-ID: <201011030410.oA34A7ec028932@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Trend Micro Titanium Maximum Security 2011 IOCTL Handling Vulnerability SECUNIA ADVISORY ID: SA42012 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42012/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42012 RELEASE DATE: 2010-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/42012/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42012/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42012 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Trend Micro Titanium Maximum Security 2011, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an error in the tmtdi.sys driver when processing IOCTLs. This can be exploited to execute arbitrary code with escalated privileges via a specially crafted 0x00220404 IOCTL. The vulnerability is reported in Trend Micro Titanium Maximum Security 2011 version 3.0.1303 and tmtdi.sys version 6.5.0.123. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Nikita Tarakanov, CISS Research Team ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15376/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 2 21:24:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 3 Nov 2010 05:24:42 +0100 Subject: [SEC] [SA42088] Linux-PAM Modules Information Disclosure and Privilege Escalation Message-ID: <201011030424.oA34OguI017167@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Linux-PAM Modules Information Disclosure and Privilege Escalation SECUNIA ADVISORY ID: SA42088 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42088/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42088 RELEASE DATE: 2010-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/42088/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42088/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42088 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple security issues have been reported in Linux-PAM, which can be exploited by malicious, local users to disclose potentially sensitive information and perform certain actions with escalated privileges. 1) Some errors in the "pam_mail" module when dropping privileges can be exploited to check for the presence of certain mail files. 2) An error in the "pam_env" module when dropping privileges can be exploited to disclose the contents of arbitrary files by e.g. symlinking the "~/.pam_environment" file to a restricted file. 3) An error in the "pam_namespace" module when executing the namespace init script can be exploited to escalate privileges by e.g. using specially crafted environment variables when running a setuid program. The security issues are reported in versions prior to 1.1.3. SOLUTION: Update to version 1.1.3. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/ChangeLog?revision=1.546&view=markup&pathrev=Linux-PAM-1_1_3 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 2 21:45:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 3 Nov 2010 05:45:11 +0100 Subject: [SEC] [SA42079] Fedora update for tomcat6 Message-ID: <201011030445.oA34jBCL005673@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for tomcat6 SECUNIA ADVISORY ID: SA42079 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42079/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42079 RELEASE DATE: 2010-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/42079/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42079/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42079 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for tomcat6. This fixes a vulnerability, which can be exploited by malicious people to disclose certain system information and cause a DoS (Denial of Service). For more information: SA39574 SOLUTION: Apply updated packages via the yum utility ("yum update tomcat6"). ORIGINAL ADVISORY: FEDORA-2010-16248: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html FEDORA-2010-16270: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 2 22:10:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 3 Nov 2010 06:10:51 +0100 Subject: [SEC] [SA42047] Slackware update for proftpd Message-ID: <201011030510.oA35ApZo026822@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Slackware update for proftpd SECUNIA ADVISORY ID: SA42047 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42047/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42047 RELEASE DATE: 2010-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/42047/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42047/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42047 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Slackware has issued an update for proftpd. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information: SA42052 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SSA:2010-305-03: http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.498209 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 3 11:30:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 3 Nov 2010 19:30:24 +0100 Subject: [SEC] [SA42116] IBM Tivoli Directory Server BER Denial of Service Vulnerability Message-ID: <201011031830.oA3IUOJO018014@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM Tivoli Directory Server BER Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42116 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42116/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42116 RELEASE DATE: 2010-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/42116/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42116/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42116 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM Tivoli Directory Server, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a validation error when handling BER-encoded LDAP requests and can be exploited to cause a crash via a specially crafted request. The vulnerability is reported in version 6.0.0.8. SOLUTION: Apply APAR IO13306 or Interim Fix 6.0.0.8-TIV-ITDS-IF0007. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (IO13306): http://www.ibm.com/support/docview.wss?uid=swg1IO13306 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 3 12:30:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 3 Nov 2010 20:30:04 +0100 Subject: [SEC] [SA42061] Linux Kernel Memory Leak Weaknesses Message-ID: <201011031930.oA3JU4xf008299@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Linux Kernel Memory Leak Weaknesses SECUNIA ADVISORY ID: SA42061 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42061/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42061 RELEASE DATE: 2010-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/42061/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42061/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42061 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some weaknesses have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose certain system information. 1) The "ax25_getname()" function in net/ax25/af_ax25.c is not properly initialising a member of a certain structure before copying it to userspace, which can be exploited to disclose kernel stack memory. 2) The "packet_getname_spkt()" and "packet_getname()" functions in net/packet/af_packet.c are not properly initialising members of certain structures before copying them to userspace, which can be exploited to disclose kernel stack memory. Successful exploitation of this weakness requires "CAP_NET_RAW" capabilities. SOLUTION: Restrict access to trusted users. PROVIDED AND/OR DISCOVERED BY: Vasiliy Kulikov ORIGINAL ADVISORY: 1) http://permalink.gmane.org/gmane.linux.network/176803 2) http://permalink.gmane.org/gmane.linux.network/176804 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 3 13:30:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 3 Nov 2010 21:30:21 +0100 Subject: [SEC] [SA42091] Internet Explorer CSS Tag Parsing Code Execution Vulnerability Message-ID: <201011032030.oA3KULTX030997@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Internet Explorer CSS Tag Parsing Code Execution Vulnerability SECUNIA ADVISORY ID: SA42091 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42091/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42091 RELEASE DATE: 2010-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/42091/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42091/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42091 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to insufficient memory being allocated to store a certain combination of CSS (Cascading Style Sheets) tags. This can be exploited to overwrite a byte in a virtual table pointer and call into user-controlled data in memory via a specially crafted web page. Successful exploitation allows execution of arbitrary code. NOTE: The vulnerability is currently being actively exploited. SOLUTION: Apply a custom CSS to override website CSS styles (please see the Microsoft advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day. ORIGINAL ADVISORY: Microsoft: http://www.microsoft.com/technet/security/advisory/2458511.mspx http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx http://blogs.technet.com/b/srd/archive/2010/11/03/dep-emet-protect-against-attacks-on-the-latest-internet-explorer-vulnerability.aspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 3 14:31:57 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 3 Nov 2010 22:31:57 +0100 Subject: [SEC] [SA42076] SUSE update for kernel Message-ID: <201011032131.oA3LVv75021355@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SUSE update for kernel SECUNIA ADVISORY ID: SA42076 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42076/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42076 RELEASE DATE: 2010-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/42076/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42076/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42076 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for the kernel. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose system and potentially sensitive information, and gain escalated privileges. For more information: SA39490 SA40656 SA40965 SA41234 SA41245 SA41263 SA41284 SA41440 SA41493 1) An error within the GFS2 file system when handing certain rename operations can be exploited to cause a kernel crash. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SUSE-SA:2010:054: http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 3 15:24:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 3 Nov 2010 23:24:51 +0100 Subject: [SEC] [SA42085] F5 Products BIND "EVP_VerifyFinal()" Spoofing Vulnerability Message-ID: <201011032224.oA3MOpkk011336@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: F5 Products BIND "EVP_VerifyFinal()" Spoofing Vulnerability SECUNIA ADVISORY ID: SA42085 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42085/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42085 RELEASE DATE: 2010-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/42085/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42085/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42085 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: F5 Networks has acknowledged a vulnerability in various F5 products, which potentially can be exploited by malicious people to conduct spoofing attacks. The vulnerability is caused by use of a vulnerable version of BIND. For more information: SA33404 The vulnerability affects the following products and versions: * BIG-IP LTM versions 9.3.0 through 9.3.1 * BIG-IP LTM versions 9.4.0 through 9.4.8 * BIG-IP LTM versions 9.6.0 through 9.6.1 * BIG-IP LTM version 10.0.0 * BIG-IP GTM versions 9.3.0 through 9.3.1 * BIG-IP GTM versions 9.4.0 through 9.4.8 * BIG-IP GTM version 10.0.0 * BIG-IP ASM versions 9.3.0 through 9.3.1 * BIG-IP ASM versions9.4.0 through 9.4.8 * BIG-IP ASM version 10.0.0 * BIG-IP Link Controller versions 9.3.0 through 9.3.1 * BIG-IP Link Controller versions 9.4.0 through 9.4.8 * BIG-IP Link Controller version 10.0.0 * BIG-IP WebAccelerator versions 9.4 through 9.4.8 * BIG-IP WebAccelerator version 10.0.0 * BIG-IP PSM versions 9.4.5 through 9.4.8 * BIG-IP PSM version 10.0.0 * BIG-IP WAN Optimization version 10.0.0 * BIG-IP SAM version 8.0 * FirePass versions 5.5.0 through 5.5.2 * FirePass versions 6.0.0 through 6.0.3 * FirePass version 6.1.0 * FirePass version 7.0.0 * Enterprise Manager versions 1.4 through 1.4.1 * Enterprise Manager versions 1.6 through 1.8 * WANJet versions 4.2 through 4.2.16 * WANJet versions 5.0 through 5.0.2 SOLUTION: Update to a fixed version or do not use DSA certificates and keys. Please see the vendor's advisory for more details. ORIGINAL ADVISORY: https://support.f5.com/kb/en-us/solutions/public/11000/500/sol11503.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 3 15:45:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 3 Nov 2010 23:45:37 +0100 Subject: [SEC] [SA42112] Adobe Shockwave Player "Shockwave Settings" Use-After-Free Vulnerability Message-ID: <201011032245.oA3Mjbu8032257@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Adobe Shockwave Player "Shockwave Settings" Use-After-Free Vulnerability SECUNIA ADVISORY ID: SA42112 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42112/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42112 RELEASE DATE: 2010-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/42112/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42112/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42112 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Krystian Kloskowski has discovered a vulnerability in Shockwave Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a use-after-free error in an automatically installed compatibility component as a function in an unloaded library may be called. Successful exploitation allows execution of arbitrary code, but requires that a user is tricked into opening the "Shockwave Settings" window when viewing a web page. The vulnerability is confirmed in version 11.5.9.615. Other versions may also be affected. SOLUTION: Do not open the "Shockwave Settings" window when viewing Shockwave content. PROVIDED AND/OR DISCOVERED BY: Krystian Kloskowski (h07) OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 3 16:18:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 4 Nov 2010 00:18:03 +0100 Subject: [SEC] [SA42096] Pay Roll - Time Sheet and Punch Card Application With Web Interface SQL Injection Vulnerabilities Message-ID: <201011032318.oA3NI3Gv021399@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Pay Roll - Time Sheet and Punch Card Application With Web Interface SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA42096 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42096/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42096 RELEASE DATE: 2010-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/42096/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42096/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42096 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Pay Roll - Time Sheet and Punch Card Application With Web Interface, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "EmployeeNumber" and "Password" POST parameters to login.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: L0rd CrusAd3r OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 3 16:47:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 4 Nov 2010 00:47:09 +0100 Subject: [SEC] [SA42108] Dolphin "file" File Disclosure Vulnerability Message-ID: <201011032347.oA3Nl9RJ010301@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Dolphin "file" File Disclosure Vulnerability SECUNIA ADVISORY ID: SA42108 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42108/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42108 RELEASE DATE: 2010-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/42108/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42108/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42108 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Dolphin, which can be exploited by malicious people to disclose potentially sensitive information. Input passed to the "file" parameter in gzip_loader.php is not properly verified before being used to display files in inc/classes/BxDolGzip.php. This can be exploited to include arbitrary files from local resources via directory traversal attacks. The vulnerability is confirmed in version 7.0.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: anT!-Tr0J4n ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15400/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 3 17:12:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 4 Nov 2010 01:12:43 +0100 Subject: [SEC] [SA42086] Site2Nite Business e-Listings "ID" SQL Injection Vulnerability Message-ID: <201011040012.oA40ChFb031451@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Site2Nite Business e-Listings "ID" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42086 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42086/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42086 RELEASE DATE: 2010-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/42086/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42086/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42086 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Site2Nite Business e-Listings, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "ID" parameter to detail.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: L0rd CrusAd3r OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 3 17:45:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 4 Nov 2010 01:45:38 +0100 Subject: [SEC] [SA42087] Site2Ntite Vacation Rental (VRBO) Listings "ID" SQL Injection Vulnerability Message-ID: <201011040045.oA40jcov020522@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Site2Ntite Vacation Rental (VRBO) Listings "ID" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42087 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42087/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42087 RELEASE DATE: 2010-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/42087/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42087/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42087 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Site2Nite Vacation Rental (VRBO) Listings, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "ID" parameter to detail.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: L0rd CrusAd3r OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 3 18:12:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 4 Nov 2010 02:12:37 +0100 Subject: [SEC] [SA41989] Apache Shiro URL Path Security Bypass Vulnerability Message-ID: <201011040112.oA41CbXi009325@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apache Shiro URL Path Security Bypass Vulnerability SECUNIA ADVISORY ID: SA41989 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41989/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41989 RELEASE DATE: 2010-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/41989/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41989/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41989 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Apache Shiro, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error when normalizing URL paths for the path-matching logic and can be exploited to bypass path-based filters using directory traversal attacks. The vulnerability is reported in version 1.0.0-incubating. SOLUTION: Update to version 1.1.0. PROVIDED AND/OR DISCOVERED BY: The vendor credits Luke Taylor of SpringSource. ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0020.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 3 18:45:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 4 Nov 2010 02:45:18 +0100 Subject: [SEC] [SA42049] SUSE update for Multiple Packages Message-ID: <201011040145.oA41jIJt030779@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SUSE update for Multiple Packages SECUNIA ADVISORY ID: SA42049 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42049/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42049 RELEASE DATE: 2010-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/42049/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42049/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42049 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for multiple packages. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to bypass certain security features, by malicious users to perform certain actions with escalated privileges and bypass certain security restrictions, and by malicious people to conduct spoofing attacks, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a user's system. For more information: SA37410 SA38877 SA40652 SA40908 SA41244 SA41503 SA41692 SA41723 NOTE: Additionally, a security issue exists in festival which insecurely uses the LD_LIBRARY_PATH environment variable and can be exploited to execute arbitrary code e.g. by tricking a user into running festival_server. SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SR:2010:020: http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 3 19:10:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 4 Nov 2010 03:10:12 +0100 Subject: [SEC] [SA42093] Cisco AnyConnect VPN Client Privilege Escalation Vulnerability Message-ID: <201011040210.oA42ACqq019497@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco AnyConnect VPN Client Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA42093 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42093/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42093 RELEASE DATE: 2010-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/42093/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42093/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42093 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco AnyConnect VPN Client, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an error when handling unspecified temporary files and can be exploited to overwrite arbitrary files via symlink attacks. The vulnerability is reported in versions prior to 2.3 running on Linux and Mac. SOLUTION: Update to version 2.3. PROVIDED AND/OR DISCOVERED BY: Reported in the description of the OpenConnect client. ORIGINAL ADVISORY: http://www.infradead.org/openconnect.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 3 19:24:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 4 Nov 2010 03:24:22 +0100 Subject: [SEC] [SA42111] Online Work Order Suite Professional Edition "password" SQL Injection Message-ID: <201011040224.oA42OMJ8007713@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Online Work Order Suite Professional Edition "password" SQL Injection SECUNIA ADVISORY ID: SA42111 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42111/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42111 RELEASE DATE: 2010-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/42111/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42111/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42111 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Online Work Order Suite (OWOS) Professional Edition for ASP, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "password" POST parameter to process.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. NOTE: This can further be exploited to bypass the log-in mechanism. The vulnerability is reported in version 2.10. Other versions may also be affected. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: L0rd CrusAd3r OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 3 19:45:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 4 Nov 2010 03:45:02 +0100 Subject: [SEC] [SA42025] Advantage Data Architect Buffer Overflow Vulnerability Message-ID: <201011040245.oA42j2D0028628@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Advantage Data Architect Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42025 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42025/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42025 RELEASE DATE: 2010-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/42025/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42025/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42025 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Roi Mallo has discovered a vulnerability in Advantage Data Architect, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing query statements in the SQL utility and can be exploited to cause a heap-based buffer overflow via a specially crafted SQL file. Successful exploitation allows execution of arbitrary code, but requires tricking a user into opening a SQL file and adding some text. The vulnerability is confirmed in version 10.00.0.3. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Roi Mallo (d0lc3) ORIGINAL ADVISORY: http://elotrolad0.blogspot.com/2010/11/sybase-advantage-data-architect-sql.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 3 20:14:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 4 Nov 2010 04:14:40 +0100 Subject: [SEC] [SA42114] Fedora update for perl-libwww-perl Message-ID: <201011040314.oA43EeuT018071@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for perl-libwww-perl SECUNIA ADVISORY ID: SA42114 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42114/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42114 RELEASE DATE: 2010-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/42114/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42114/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42114 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for perl-libwww-perl. This fixes a weakness, which can be exploited by malicious people to bypass certain security features. The weakness is caused due to lwp-download not properly checking filenames suggested via the "Content-Disposition" header when downloading files from an HTTP server. By suggesting a different filename than expected by the user, this can be exploited to e.g. overwrite hidden files in the current directory on a user's system by tricking the user into downloading a file with a seemingly harmless filename from a malicious HTTP server. SOLUTION: Apply updated packages using the yum utility ("yum update perl-libwww-perl"). ORIGINAL ADVISORY: FEDORA-2010-15532: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050245.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 3 20:45:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 4 Nov 2010 04:45:14 +0100 Subject: [SEC] [SA42071] Bugzilla Multiple Vulnerabilities Message-ID: <201011040345.oA43jEw5007042@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Bugzilla Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42071 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42071/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42071 RELEASE DATE: 2010-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/42071/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42071/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42071 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Bugzilla, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct HTTP response splitting and cross-site scripting attacks 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which will be included in a response sent to the user. 2) The application does not properly restrict access to graphs generated by other projects, which can be exploited to access otherwise restricted graphs and product names via a specially crafted URL. 3) Some vulnerabilities are caused by use of a vulnerable version of YUI. For more information: SA41955 The vulnerabilities are reported in versions prior to 3.2.9, 3.4.9, and 3.6.3. SOLUTION: Update to versions 3.2.9, 3.4.9, or 3.6.3. PROVIDED AND/OR DISCOVERED BY: 2) The vendor credits Philip Gillissen 3) Reported by the vendor The vendor also credits Michael Coates ORIGINAL ADVISORY: http://www.bugzilla.org/security/3.2.8/ https://bugzilla.mozilla.org/show_bug.cgi?id=600464 https://bugzilla.mozilla.org/show_bug.cgi?id=419014 https://bugzilla.mozilla.org/show_bug.cgi?id=606618 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 3 21:10:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 4 Nov 2010 05:10:29 +0100 Subject: [SEC] [SA42082] ISC DHCP Relay-Forward Denial of Service Vulnerability Message-ID: <201011040410.oA44ATVe028158@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: ISC DHCP Relay-Forward Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42082 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42082/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42082 RELEASE DATE: 2010-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/42082/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42082/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42082 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in ISC DHCP, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing DHCPv6 "Relay-Forward" messages and can be exploited to cause a crash via a packet with an empty "Link-Address" field. Successful exploitation requires the server to be configured for DHCPv6. The vulnerability is reported in versions 4.0 through 4.2. SOLUTION: Update to version 4.0.2, 4.1.2, and 4.2.0-P1. PROVIDED AND/OR DISCOVERED BY: The vendor credits John Gibbins. ORIGINAL ADVISORY: http://www.isc.org/software/dhcp/advisories/cve-2010-3611 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 4 11:30:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 4 Nov 2010 19:30:09 +0100 Subject: [SEC] [SA42100] Textpattern Script Insertion Vulnerability Message-ID: <201011041830.oA4IU9E1015990@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Textpattern Script Insertion Vulnerability SECUNIA ADVISORY ID: SA42100 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42100/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42100 RELEASE DATE: 2010-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/42100/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42100/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42100 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Textpattern, which can be exploited by malicious people to conduct script insertion attacks. Input passed via the "Message" field when adding a comment to an article is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will get executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires that the comment is accepted by the administrator, or that "Moderate comments?" is set to "No" in the back-end. The vulnerability is confirmed in version 4.2.0. Other versions may also be affected. SOLUTION: Update to version 4.3.0. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22672: http://www.htbridge.ch/advisory/xss_in_textpattern_cms.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 4 12:29:56 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 4 Nov 2010 20:29:56 +0100 Subject: [SEC] [SA42124] SweetRice Password Reset Security Issue Message-ID: <201011041929.oA4JTuvu006280@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SweetRice Password Reset Security Issue SECUNIA ADVISORY ID: SA42124 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42124/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42124 RELEASE DATE: 2010-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/42124/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42124/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42124 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a security issue in SweetRice, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to the password reset mechanism in as/index.php (when "type" is set to "password" and "mod" is set to "resetok") not properly validating the supplied token. This can be exploited to change the administrative password and gain administrative access to the application. Successful exploitation requires knowing the administrative email address. The security issue is confirmed in version 0.6.7 and 0.6.7.1. Other versions may also be affected. SOLUTION: Restrict access to the administrative section. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22669: http://www.htbridge.ch/advisory/reset_admin_password_in_sweetrice_cms.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 4 13:31:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 4 Nov 2010 21:31:02 +0100 Subject: [SEC] [SA42109] Google Chrome Multiple Vulnerabilities Message-ID: <201011042031.oA4KV2IX029034@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42109 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42109/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42109 RELEASE DATE: 2010-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/42109/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42109/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42109 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, where some have unknown impacts and others can be exploited by malicious people to potentially compromise a user's system. 1) A use-after-free error related to text editing can be exploited to corrupt memory. 2) An unspecified error related to the processing of an enormous text area can be exploited to corrupt memory. 3) An error related to a bad cast exists within the handling of the SVG use element. 4) An unspecified error in the XPath handling can be exploited to access invalid memory. 5) A use-after-free error related to text control selections can be exploited to corrupt memory. 6) Multiple integer overflow errors exist in the font handling. These vulnerabilities affect only the Linux platform. 7) An unspecified error in libvpx can be exploited to corrupt memory. 8) An unspecified error exists related to the usage of a destroyed frame object. 9) An unspecified error exists related to type confusions with event objects. 10) An unspecified error in the SVG handling can be exploited to trigger an out-of-bounds array access. SOLUTION: Update to version 7.0.517.44. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) David Bloom, Google Security Team, Google Chrome Security Team (Inferno), and Google Chrome Security Team (Cris Neckar). 2, 10) wushi, team509 3) kuzzcc 4) Bui Quang Minh, Bkis 5) "vkouchna" 6) Aki Helin, OUSPG. 7) Christoph Diehl 8) Various developers, including "gundlach" 9) "fam.lam" and Google Chrome Security Team (Inferno) ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 4 14:31:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 4 Nov 2010 22:31:34 +0100 Subject: [SEC] [SA42098] eoCMS Multiple Vulnerabilities Message-ID: <201011042131.oA4LVY1V019347@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: eoCMS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42098 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42098/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42098 RELEASE DATE: 2010-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/42098/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42098/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42098 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in eoCMS, which can be exploited by malicious users to conduct script insertion attacks, and by malicious people to disclose potentially sensitive information and conduct SQL injection attacks. 1) The application fails to correctly sanitise user supplied input via BBCode. This can be exploited to insert arbitrary HTML and script code, which will get executed in a user's browser session in context of an affected site when the malicious data is being viewed. 2) Input passed via the "eocms" Cookie parameter is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 3) Input passed via the "lang" parameter to index.php is not properly verified before being used to include files. This can be exploited to include certain files from local resources via directory traversal sequences. 4) Input passed via the "theme" parameter to index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. The vulnerabilities are confirmed in version 0.9.04. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22673: http://www.htbridge.ch/advisory/lfi_in_eocms.html HTB22675: http://www.htbridge.ch/advisory/sql_injection_in_eocms.html HTB22676: http://www.htbridge.ch/advisory/lfi_in_eocms_1.html HTB22677: http://www.htbridge.ch/advisory/bbcode_xss_in_eocms.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 4 15:24:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 4 Nov 2010 23:24:40 +0100 Subject: [SEC] [SA42106] SweetRice Multiple SQL Injection Vulnerabilities Message-ID: <201011042224.oA4MOefX009335@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SweetRice Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA42106 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42106/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42106 RELEASE DATE: 2010-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/42106/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42106/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42106 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered multiple vulnerabilities in SweetRice, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "file_name" parameter to index.php (when "action" is set to "attachment"), "post" parameter to index.php (when "action" is set to "show_comment"), and "sys-name" parameter to index.php (when "action" is set to "view") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 0.6.7. Other versions may also be affected. SOLUTION: Update to version 0.6.7.1 PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22667: http://www.htbridge.ch/advisory/sql_injection_in_sweetrice_cms.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 4 15:44:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 4 Nov 2010 23:44:47 +0100 Subject: [SEC] [SA40927] Avira Premium Security Suite "avipbb.sys" Denial of Service Message-ID: <201011042244.oA4MilHH030240@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Avira Premium Security Suite "avipbb.sys" Denial of Service SECUNIA ADVISORY ID: SA40927 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40927/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40927 RELEASE DATE: 2010-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/40927/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40927/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40927 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Avira Premium Security Suite, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error in "avipbb.sys", which can be exploited to dereference invalid memory and cause a system crash. The vulnerability is confirmed in version 10.0.0.565. Other versions may also be affected. SOLUTION: Grant only trusted users access to affected systems. PROVIDED AND/OR DISCOVERED BY: Nikita Tarakanov OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 4 16:16:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 5 Nov 2010 00:16:42 +0100 Subject: [SEC] [SA42123] Fedora update for luci Message-ID: <201011042316.oA4NGgqe019383@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for luci SECUNIA ADVISORY ID: SA42123 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42123/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42123 RELEASE DATE: 2010-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/42123/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42123/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42123 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for luci. This fixes a weakness, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA42113 SOLUTION: Apply updated packages using the yum utility ("yum update luci"). ORIGINAL ADVISORY: FEDORA-2010-16601: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050246.html FEDORA-2010-16617: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050244.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 4 16:46:56 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 5 Nov 2010 00:46:56 +0100 Subject: [SEC] [SA42099] JustSystems Ichitaro Two Document Parsing Vulnerabilities Message-ID: <201011042346.oA4NkuHx008342@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: JustSystems Ichitaro Two Document Parsing Vulnerabilities SECUNIA ADVISORY ID: SA42099 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42099/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42099 RELEASE DATE: 2010-11-05 DISCUSS ADVISORY: http://secunia.com/advisories/42099/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42099/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42099 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in JustSystems Ichitaro, which can be exploited by malicious people to compromise a user's system. 1) An unspecified error exists when parsing documents. No more information is currently available. 2) An unspecified error exists when parsing documents. No more information is currently available. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. SOLUTION: Update to a fixed version. Please see the vendor's advisory for details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.justsystems.com/jp/info/js10003.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 4 17:12:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 5 Nov 2010 01:12:05 +0100 Subject: [SEC] [SA42035] Linux Kernel "ioc_general()" Integer Truncation Vulnerability Message-ID: <201011050012.oA50C58Y029482@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Linux Kernel "ioc_general()" Integer Truncation Vulnerability SECUNIA ADVISORY ID: SA42035 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42035/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42035 RELEASE DATE: 2010-11-05 DISCUSS ADVISORY: http://secunia.com/advisories/42035/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42035/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42035 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges. The vulnerability is caused due to an integer truncation error within the "ioc_general()" function in drivers/scsi/gdth.c, which can be exploited to cause a kernel memory corruption by sending specially crafted IOCTLs. Successful exploitation may require a 64bit system. SOLUTION: Fixed in the GIT repository. PROVIDED AND/OR DISCOVERED BY: Dan Carpenter ORIGINAL ADVISORY: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f63ae56e4e97fb12053590e41a4fa59e7daa74a4 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 4 17:44:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 5 Nov 2010 01:44:53 +0100 Subject: [SEC] [SA42094] Linux Kernel "x25_parse_facilities()" Denial of Service Vulnerability Message-ID: <201011050044.oA50irxh018549@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Linux Kernel "x25_parse_facilities()" Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42094 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42094/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42094 RELEASE DATE: 2010-11-05 DISCUSS ADVISORY: http://secunia.com/advisories/42094/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42094/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42094 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a boundary error within the "x25_parse_facilities()" function in net/x25/x25_facilities.c, which can be exploited to cause a kernel heap memory corruption by e.g. sending specially crafted X.25 traffic. SOLUTION: Fixed in David S. Miller's GIT repository. PROVIDED AND/OR DISCOVERED BY: Dan Rosenberg ORIGINAL ADVISORY: http://marc.info/?l=linux-netdev&m=128871017529408 http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=a6331d6f9a4298173b413cf99a40cc86a9d92c37 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 4 18:12:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 5 Nov 2010 02:12:36 +0100 Subject: [SEC] [SA42104] NetSupport Manager Plaintext Header Information Disclosure Vulnerability Message-ID: <201011050112.oA51CaTE007407@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: NetSupport Manager Plaintext Header Information Disclosure Vulnerability SECUNIA ADVISORY ID: SA42104 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42104/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42104 RELEASE DATE: 2010-11-05 DISCUSS ADVISORY: http://secunia.com/advisories/42104/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42104/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42104 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in NetSupport Manager, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an error in the HTTP protocol implementation, which does not encrypt the headers of some of the NetSupport HTTP packets. This can be exploited to disclose certain sensitive information e.g. client IP address, MAC address, and username of the logged in user by intercepting the HTTP packets between the NetSupport Manager Gateway and NetSupport Manager Controls or NetSupport Manager Clients. The vulnerability is reported in version NSM 11.00. SOLUTION: Update to version 11.00.0005 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.netsupportsoftware.com/support/kb/asp/kbprovider.asp?gettd=634&lang=EN&xsl=http%3A//www.netsupportsoftware.com/support/kb/TechDoc.xsl OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 4 18:45:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 5 Nov 2010 02:45:24 +0100 Subject: [SEC] [SA42105] miniBB "[url]" BBcode Script Insertion Vulnerability Message-ID: <201011050145.oA51jOwl028874@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: miniBB "[url]" BBcode Script Insertion Vulnerability SECUNIA ADVISORY ID: SA42105 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42105/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42105 RELEASE DATE: 2010-11-05 DISCUSS ADVISORY: http://secunia.com/advisories/42105/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42105/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42105 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in miniBB, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "[url]" BBcode tag when posting a message is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerability is confirmed in version 2.5. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: High-Tech Bridge SA (HTB22670): http://www.htbridge.ch/advisory/bbcode_xss_in_minibb.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 4 19:10:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 5 Nov 2010 03:10:02 +0100 Subject: [SEC] [SA42102] Red Hat update for mysql Message-ID: <201011050210.oA52A2Ro017584@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for mysql SECUNIA ADVISORY ID: SA42102 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42102/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42102 RELEASE DATE: 2010-11-05 DISCUSS ADVISORY: http://secunia.com/advisories/42102/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42102/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42102 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for mysql. This fixes a security issue and some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions or to cause a DoS (Denial of Service). For more information: SA39792 SA41048 SA41716 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://rhn.redhat.com/errata/RHSA-2010-0824.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 4 19:24:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 5 Nov 2010 03:24:28 +0100 Subject: [SEC] [SA42122] NetSupport Manager Plaintext Header Information Disclosure Vulnerability Message-ID: <201011050224.oA52OSn4005826@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: NetSupport Manager Plaintext Header Information Disclosure Vulnerability SECUNIA ADVISORY ID: SA42122 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42122/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42122 RELEASE DATE: 2010-11-05 DISCUSS ADVISORY: http://secunia.com/advisories/42122/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42122/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42122 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in NetSupport Manager, which can be exploited by malicious people to disclose potentially sensitive information. For more information: SA42104 The vulnerability is reported in versions NSM 10.50, NSM 10.30, NSM 10.20, NSM 10.00, NSM 9.60, NSM 9.50, NSM 9.10, and NSM 9.00. SOLUTION: Upgrade to version 11.00.0005 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.netsupportsoftware.com/support/kb/asp/kbprovider.asp?gettd=634&lang=EN&xsl=http%3A//www.netsupportsoftware.com/support/kb/TechDoc.xsl OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 4 19:45:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 5 Nov 2010 03:45:02 +0100 Subject: [SEC] [SA42101] Zen Cart "loader_file" Local File Inclusion Vulnerability Message-ID: <201011050245.oA52j1pX026754@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Zen Cart "loader_file" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA42101 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42101/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42101 RELEASE DATE: 2010-11-05 DISCUSS ADVISORY: http://secunia.com/advisories/42101/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42101/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42101 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Zen Cart, which can be exploited by malicious people to disclose sensitive information. Input passed via the "loader_file" parameter to includes/initsystem.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences. Successful exploitation requires that "register_globals" enabled, and that the server is not configured to use ".htaccess" files. The vulnerability is confirmed in version 1.3.9h. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. Enable the usage of ".htaccess" files. PROVIDED AND/OR DISCOVERED BY: Salvatore Fresta ORIGINAL ADVISORY: Salvatore Fresta: http://adv.salvatorefresta.net/Zen_Cart_1.3.9h_Local_File_Inclusion_Vulnerability-03112010.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 4 20:14:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 5 Nov 2010 04:14:47 +0100 Subject: [SEC] [SA42121] Red Hat update for mysql Message-ID: <201011050314.oA53ElJK016176@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for mysql SECUNIA ADVISORY ID: SA42121 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42121/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42121 RELEASE DATE: 2010-11-05 DISCUSS ADVISORY: http://secunia.com/advisories/42121/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42121/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42121 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for mysql. This fixes some vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service), For more information: SA41048 SA41716 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2010-0825.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 4 20:44:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 5 Nov 2010 04:44:58 +0100 Subject: [SEC] [SA42113] Red Hat Conga "luci" Default Secret Key Security Bypass Message-ID: <201011050344.oA53iw7H005117@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat Conga "luci" Default Secret Key Security Bypass SECUNIA ADVISORY ID: SA42113 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42113/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42113 RELEASE DATE: 2010-11-05 DISCUSS ADVISORY: http://secunia.com/advisories/42113/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42113/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42113 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in Red Hat Conga, which can be exploited by malicious people to bypass certain security restrictions. The weakness is caused due to "luci" using an insecure secret key by default, which can be exploited to e.g. bypass the authentication mechanism via fake ticket cookies. SOLUTION: Manually set a new secret key. An updated SPEC file to generate and apply new RPM packages is available via the GIT repository. PROVIDED AND/OR DISCOVERED BY: Jan Pokorny, Red Hat ORIGINAL ADVISORY: https://bugzilla.redhat.com/show_bug.cgi?id=626504 http://git.fedorahosted.org/git/?p=luci.git;a=commitdiff;h=9e0bbf0c5faa198379d945474f7d55da5031cacf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 4 21:10:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 5 Nov 2010 05:10:05 +0100 Subject: [SEC] [SA42097] MySQL Prepared-Statement Mode "EXPLAIN" Denial of Service Vulnerability Message-ID: <201011050410.oA54A5Q9026267@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: MySQL Prepared-Statement Mode "EXPLAIN" Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42097 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42097/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42097 RELEASE DATE: 2010-11-05 DISCUSS ADVISORY: http://secunia.com/advisories/42097/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42097/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42097 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in MySQL, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the prepared-statement mode when processing "EXPLAIN" for a "SELECT" from a derived table, which can be exploited to cause a crash. The vulnerability is reported in versions prior to 5.1.52. SOLUTION: Update to version 5.1.52. PROVIDED AND/OR DISCOVERED BY: Reported by Shane Bester in a MySQL bug report. ORIGINAL ADVISORY: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html http://bugs.mysql.com/bug.php?id=54488 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 4 21:24:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 5 Nov 2010 05:24:19 +0100 Subject: [SEC] [SA42095] Adobe Reader Unspecified Memory Corruption Vulnerability Message-ID: <201011050424.oA54OJYj014495@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Adobe Reader Unspecified Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA42095 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42095/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42095 RELEASE DATE: 2010-11-05 DISCUSS ADVISORY: http://secunia.com/advisories/42095/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42095/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42095 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Adobe Reader, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an unspecified error when parsing PDF files and can be exploited to corrupt memory. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in version 9.4.0. Other versions may also be affected. SOLUTION: Do not open untrusted PDF files. PROVIDED AND/OR DISCOVERED BY: scup OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 4 21:45:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 5 Nov 2010 05:45:12 +0100 Subject: [SEC] [SA42117] GSPlayer Playlist Processing Buffer Overflow Vulnerability Message-ID: <201011050445.oA54jCGB003030@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: GSPlayer Playlist Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42117 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42117/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42117 RELEASE DATE: 2010-11-05 DISCUSS ADVISORY: http://secunia.com/advisories/42117/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42117/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42117 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in GSPlayer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing filenames within a playlist file using the "wsprintfA()" function and can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted M3U file containing an overly long (greater than 256 bytes) entry. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 1.83a. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: moigai ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15417/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 5 11:30:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 5 Nov 2010 19:30:14 +0100 Subject: [SEC] [SA42148] Linux Kernel KVM Memory Leak Weaknesses Message-ID: <201011051830.oA5IUETG012901@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Linux Kernel KVM Memory Leak Weaknesses SECUNIA ADVISORY ID: SA42148 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42148/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42148 RELEASE DATE: 2010-11-05 DISCUSS ADVISORY: http://secunia.com/advisories/42148/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42148/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42148 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some weaknesses have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose certain system information. The "kvm_vcpu_ioctl_x86_get_vcpu_events()", "kvm_vcpu_ioctl_x86_get_debugregs()", "kvm_vm_ioctl_get_pit2()", and "kvm_arch_vm_ioctl()" functions in arch/x86/kvm/x86.c are not properly initialising members of certain structures before copying them to userspace, which can be exploited to disclose kernel stack memory. SOLUTION: Fixed in the KVM GIT repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Vasiliy Kulikov ORIGINAL ADVISORY: http://git.kernel.org/?p=virt/kvm/kvm.git;a=commitdiff;h=831d9d02f9522e739825a51a11e3bc5aa531a905 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 5 12:30:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 5 Nov 2010 20:30:19 +0100 Subject: [SEC] [SA42133] Joomla Multiple SQL Injection Vulnerabilities Message-ID: <201011051930.oA5JUJAe003202@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Joomla Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA42133 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42133/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42133 RELEASE DATE: 2010-11-05 DISCUSS ADVISORY: http://secunia.com/advisories/42133/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42133/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42133 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in Joomla, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "filter_order" and "filter_order_Dir" parameters to index.php (e.g. when "option" is set to "com_weblinks", "com_contact", or "com_messages") is not properly verified before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting limited SQL code, which may result in e.g. information disclosure via database errors. The vulnerabilities are reported in versions prior to 1.5.22. SOLUTION: Update to version 1.5.22. PROVIDED AND/OR DISCOVERED BY: YGN Ethical Hacker Group ORIGINAL ADVISORY: Joomla: http://developer.joomla.org/security/news/9-security/10-core-security/323-20101101-core-sqli-info-disclosurevulnerabilities.html YGN Ethical Hacker Group: http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0514.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 5 13:30:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 5 Nov 2010 21:30:10 +0100 Subject: [SEC] [SA41784] IBM Rational Quality Manager and Rational Test Lab Manager Tomcat "manager" Default Account Message-ID: <201011052030.oA5KUAHQ025908@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM Rational Quality Manager and Rational Test Lab Manager Tomcat "manager" Default Account SECUNIA ADVISORY ID: SA41784 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41784/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41784 RELEASE DATE: 2010-11-05 DISCUSS ADVISORY: http://secunia.com/advisories/41784/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41784/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41784 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in IBM Rational Quality Manager and Rational Test Lab Manager, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system. The security issue is caused due to the application deploying a Tomcat "manager" account with default credentials. This can be exploited to gain access to an affected system and execute arbitrary code. SOLUTION: Restrict access to the "manager" account via "tomcat-users.xml". PROVIDED AND/OR DISCOVERED BY: AbdulAziz Hariri via ZDI. ORIGINAL ADVISORY: ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-214/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 5 14:29:45 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 5 Nov 2010 22:29:45 +0100 Subject: [SEC] [SA42142] Fedora update for pam Message-ID: <201011052129.oA5LTjA6016203@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for pam SECUNIA ADVISORY ID: SA42142 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42142/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42142 RELEASE DATE: 2010-11-05 DISCUSS ADVISORY: http://secunia.com/advisories/42142/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42142/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42142 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for pam. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and perform certain actions with escalated privileges. For more information: SA40978 SA42088 SOLUTION: Apply updated packages via the yum utility ("yum update pam"). ORIGINAL ADVISORY: FEDORA-2010-17112: https://admin.fedoraproject.org/updates/pam-1.1.1-6.fc13 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 5 15:23:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 5 Nov 2010 23:23:54 +0100 Subject: [SEC] [SA42147] Fedora update for pyftpdlib Message-ID: <201011052223.oA5MNse9006239@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for pyftpdlib SECUNIA ADVISORY ID: SA42147 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42147/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42147 RELEASE DATE: 2010-11-05 DISCUSS ADVISORY: http://secunia.com/advisories/42147/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42147/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42147 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for pyftpdlib. This fixes some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions, and by malicious users and malicious people to cause a DoS (Denial of Service). For more information: SA42143 SOLUTION: Apply updated packages using the yum utility ("yum update pyftpdlib"). ORIGINAL ADVISORY: FEDORA-2010-16731: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050257.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 5 15:44:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 5 Nov 2010 23:44:58 +0100 Subject: [SEC] [SA42136] IBM WebSphere Application Server Administration Console Cross-Site Scripting Message-ID: <201011052244.oA5MiwlJ027194@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM WebSphere Application Server Administration Console Cross-Site Scripting SECUNIA ADVISORY ID: SA42136 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42136/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42136 RELEASE DATE: 2010-11-05 DISCUSS ADVISORY: http://secunia.com/advisories/42136/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42136/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42136 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM WebSphere Application Server, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input passed to the administrative console is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 6.1 Fix Pack 35 (6.1.0.35). SOLUTION: Apply APAR PM14251 or update to version 6.1 Fix Pack 35 (6.1.0.35) when it becomes available (currently scheduled for 17 Dec 2010). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: ISS X-Force: http://xforce.iss.net/xforce/xfdb/62947 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 5 16:15:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 6 Nov 2010 00:15:04 +0100 Subject: [SEC] [SA42134] avast! Internet Security "aswtdi.sys" IOCTL Handling Denial of Service Message-ID: <201011052315.oA5NF4Vk016256@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: avast! Internet Security "aswtdi.sys" IOCTL Handling Denial of Service SECUNIA ADVISORY ID: SA42134 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42134/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42134 RELEASE DATE: 2010-11-05 DISCUSS ADVISORY: http://secunia.com/advisories/42134/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42134/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42134 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in avast! Internet Security, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the aswtdi.sys driver when processing IOCTLs. This can be exploited to e.g. cause a crash via a specially crafted 0x80000004 IOCTL. The vulnerability is reported in avast! Internet Security version 5.0.677 and aswtdi.sys version 5.0.677.0. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Nikita Tarakanov, CISS Research Team ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15420/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 5 16:47:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 6 Nov 2010 00:47:40 +0100 Subject: [SEC] [SA42143] Python FTP Server Library Security Bypass and Denial of Service Vulnerabilities Message-ID: <201011052347.oA5Nlexu005319@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Python FTP Server Library Security Bypass and Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA42143 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42143/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42143 RELEASE DATE: 2010-11-06 DISCUSS ADVISORY: http://secunia.com/advisories/42143/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42143/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42143 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Python FTP server library (pyftplib), which can be exploited by malicious users to bypass certain security restrictions, and by malicious users and malicious people to cause a DoS (Denial of Service). 1) A race condition within the "__init__()" method of the FTPHandler class when acquiring a peername can lead to an unexpected exception being raised causing the process to crash. 2) The library does not properly check for the "l" permission when processing FTP MLST commands, which can be exploited to bypass intended restrictions and list the contents of directories. 3) A memory leak exists within the "on_dtp_close()" method of the FTPHandler class when processing FTP QUIT commands during a data transfer. 4) An error within the FTPHandler class when accepting a connection can lead to unexpected exceptions being raised or unexpected types being returned causing the process to crash. This vulnerability is related to: SA41279 SOLUTION: Update to version 0.5.2. PROVIDED AND/OR DISCOVERED BY: 1) Reported by bneijt in a pyftplib bug report. 2, 3) Reported by billiejoex in a pyftplib bug report. 4) Reported by wentao.han and billiejoex in pyftplib bug reports. ORIGINAL ADVISORY: 1) http://code.google.com/p/pyftpdlib/issues/detail?id=100 2) http://code.google.com/p/pyftpdlib/issues/detail?id=114 3) http://code.google.com/p/pyftpdlib/issues/detail?id=119 4) http://code.google.com/p/pyftpdlib/issues/detail?id=104 http://code.google.com/p/pyftpdlib/issues/detail?id=105 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 5 17:12:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 6 Nov 2010 01:12:13 +0100 Subject: [SEC] [SA42141] Fedora update for xpdf Message-ID: <201011060012.oA60CDOE026455@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for xpdf SECUNIA ADVISORY ID: SA42141 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42141/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42141 RELEASE DATE: 2010-11-06 DISCUSS ADVISORY: http://secunia.com/advisories/42141/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42141/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42141 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for xpdf. This fixes two vulnerabilities, which can potentially be exploited by malicious people to compromise a user's system. For more information: SA41709 SOLUTION: Apply updated packages via the yum utility ("yum update xpdf"). ORIGINAL ADVISORY: FEDORA-2010-16662: https://admin.fedoraproject.org/updates/xpdf-3.02-16.fc13 FEDORA-2010-16705: https://admin.fedoraproject.org/updates/xpdf-3.02-16.fc12 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 5 17:44:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 6 Nov 2010 01:44:59 +0100 Subject: [SEC] [SA41929] BroadWorks Call Records Information Disclosure Security Issue Message-ID: <201011060044.oA60ixAR015536@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: BroadWorks Call Records Information Disclosure Security Issue SECUNIA ADVISORY ID: SA41929 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41929/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41929 RELEASE DATE: 2010-11-06 DISCUSS ADVISORY: http://secunia.com/advisories/41929/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41929/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41929 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in BroadWorks, which can be exploited by malicious users to disclose sensitive information. The security issue is caused due to the application not properly validating Client Application Protocol (CAP) "monitoringUsersRequest" messages and can be exploited to e.g. view and record call details of other organisations via specially crafted XML messages. Successful exploitation requires knowing a target user's id. The security issue is reported in version R16. Other versions may also be affected. SOLUTION: Reportedly a patch has been released. Contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: Nick Freeman, Security-Assessment.com ORIGINAL ADVISORY: http://security-assessment.com/files/advisories/BroadWorks_Call_Detail_Record_Disclosure_Vulnerability.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 5 18:12:52 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 6 Nov 2010 02:12:52 +0100 Subject: [SEC] [SA42126] Linux Kernel INET Socket Monitoring Bytecode Security Bypass Message-ID: <201011060112.oA61CqYq004380@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Linux Kernel INET Socket Monitoring Bytecode Security Bypass SECUNIA ADVISORY ID: SA42126 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42126/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42126 RELEASE DATE: 2010-11-06 DISCUSS ADVISORY: http://secunia.com/advisories/42126/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42126/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42126 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability is caused due to an error within the INET socket monitoring feature when auditing the bytecode contained in certain netlink messages, which can be exploited to bypass the bytecode audit and e.g. cause the kernel to enter an infinite loop by sending netlink messages with two attribute elements. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Nelson Elhage ORIGINAL ADVISORY: http://www.openwall.com/lists/oss-security/2010/11/04/9 http://permalink.gmane.org/gmane.linux.network/177039 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 5 18:44:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 6 Nov 2010 02:44:59 +0100 Subject: [SEC] [SA42140] Fedora update for horde Message-ID: <201011060144.oA61ixMx025849@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for horde SECUNIA ADVISORY ID: SA42140 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42140/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42140 RELEASE DATE: 2010-11-06 DISCUSS ADVISORY: http://secunia.com/advisories/42140/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42140/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42140 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for horde. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. For more information: SA41283 SOLUTION: Apply updated packages using the yum utility ("yum update horde"). ORIGINAL ADVISORY: FEDORA-2010-16592: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 5 19:10:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 6 Nov 2010 03:10:01 +0100 Subject: [SEC] [SA42125] Ubuntu update for cups Message-ID: <201011060210.oA62A1BQ014590@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for cups SECUNIA ADVISORY ID: SA42125 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42125/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42125 RELEASE DATE: 2010-11-06 DISCUSS ADVISORY: http://secunia.com/advisories/42125/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42125/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42125 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for cups. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a vulnerable system. For more information: SA41706 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1012-1: http://www.ubuntu.com/usn/usn-1012-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 5 19:23:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 6 Nov 2010 03:23:46 +0100 Subject: [SEC] [SA42127] SUSE update for flash-player Message-ID: <201011060223.oA62NkIU002779@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SUSE update for flash-player SECUNIA ADVISORY ID: SA42127 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42127/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42127 RELEASE DATE: 2010-11-06 DISCUSS ADVISORY: http://secunia.com/advisories/42127/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42127/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42127 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for flash-player. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system. For more information: SA41917 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SA:2010:055: http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 5 19:45:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 6 Nov 2010 03:45:02 +0100 Subject: [SEC] [SA42107] Ubuntu update for pidgin Message-ID: <201011060245.oA62j2mj023781@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for pidgin SECUNIA ADVISORY ID: SA42107 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42107/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42107 RELEASE DATE: 2010-11-06 DISCUSS ADVISORY: http://secunia.com/advisories/42107/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42107/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42107 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for pidgin. This fixes multiple weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA39801 SA41893 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1014-1: http://www.ubuntu.com/usn/usn-1014-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 5 20:14:52 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 6 Nov 2010 04:14:52 +0100 Subject: [SEC] [SA42120] Ubuntu update for freetype Message-ID: <201011060314.oA63Eq2M013213@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for freetype SECUNIA ADVISORY ID: SA42120 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42120/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42120 RELEASE DATE: 2010-11-06 DISCUSS ADVISORY: http://secunia.com/advisories/42120/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42120/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42120 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for freetype. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA40586 SA41738 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1013-1: http://www.ubuntu.com/usn/usn-1013-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 8 10:30:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 8 Nov 2010 19:30:27 +0100 Subject: [SEC] [SA42184] Fedora update for glpi Message-ID: <201011081830.oA8IURCO009404@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for glpi SECUNIA ADVISORY ID: SA42184 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42184/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42184 RELEASE DATE: 2010-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/42184/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42184/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42184 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for glpi. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious users to perform certain actions with escalated privileges, disclose sensitive information, and to hijack another user's session and by malicious people to conduct cross-site scripting attacks. For more information: SA42149 SOLUTION: Apply updated packages using the yum utility ("yum update glpi"), which uses the system phpCAS instead of bundled copy. ORIGINAL ADVISORY: FEDORA-2010-16905: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html FEDORA-2010-16912: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 8 11:29:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 8 Nov 2010 20:29:59 +0100 Subject: [SEC] [SA42186] Joomla nBill Component Directory Traversal Vulnerability Message-ID: <201011081929.oA8JTx0E032099@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Joomla nBill Component Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA42186 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42186/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42186 RELEASE DATE: 2010-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/42186/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42186/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42186 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the nBill component for Joomla!, which can be exploited by malicious people to disclose sensitive information. Certain unspecified input in not properly sanitised before being used, which can be exploited to disclose sensitive information via directory traversal attacks. The vulnerabilities are reported in 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10. Other versions may also be affected. SOLUTION: Update to 2.0.9 standard edition, 2.0.10 lite edition, or 1.2_10 and apply the patch. PROVIDED AND/OR DISCOVERED BY: Discovered in the wild. ORIGINAL ADVISORY: http://www.nbill.co.uk/newsflash/security-patch-for-all-versions-of-nbill.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 8 12:29:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 8 Nov 2010 21:29:33 +0100 Subject: [SEC] [SA42182] Joomla! RSForm! Component "lang" Local File Inclusion and SQL Injection Vulnerabilities Message-ID: <201011082029.oA8KTXSj022409@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Joomla! RSForm! Component "lang" Local File Inclusion and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA42182 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42182/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42182 RELEASE DATE: 2010-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/42182/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42182/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42182 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in the RSForm! component for Joomla!, which can be exploited by malicious people to disclose sensitive information and conduct SQL injection attacks. 1) Input passed via the "lang" parameter to index.php (when "option" is set to "com_forme") is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. 2) Input passed via the "lang" parameter to index.php (when "option" is set to "com_forme") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in version 1.0.5. Other versions may also be affected. SOLUTION: Update to version 1.0.6. PROVIDED AND/OR DISCOVERED BY: jdc ORIGINAL ADVISORY: RSJoomla: http://www.rsjoomla.com/customer-support/documentations/12-general-overview-of-the-component/46-rsform-changelog.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 8 13:29:15 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 8 Nov 2010 22:29:15 +0100 Subject: [SEC] [SA42197] WordPress FeedList Plugin "i" Cross-Site Scripting Vulnerability Message-ID: <201011082129.oA8LTF02012722@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WordPress FeedList Plugin "i" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42197 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42197/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42197 RELEASE DATE: 2010-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/42197/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42197/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42197 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered a vulnerability in the FeedList plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "i" parameter in wp-content/plugins/feedlist/handler_image.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 2.61.01. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://www.johnleitch.net/Vulnerabilities/WordPress.Feed.List.2.61.01.Reflected.Cross-site.Scripting/56 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 8 14:23:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 8 Nov 2010 23:23:58 +0100 Subject: [SEC] [SA42153] FL Studio Insecure Library Loading Vulnerability Message-ID: <201011082223.oA8MNw06002773@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: FL Studio Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA42153 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42153/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42153 RELEASE DATE: 2010-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/42153/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42153/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42153 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in FL Studio, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. avrt.dll and dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a FLP, FSC, or FLKEY file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 9.1.0. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: APA-IUTcert Vulnerability Analysis Team OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 8 14:44:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 8 Nov 2010 23:44:54 +0100 Subject: [SEC] [SA42196] WordPress WP Survey And Quiz Tool Plugin "action" Cross-Site Scripting Message-ID: <201011082244.oA8MisBX023765@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WordPress WP Survey And Quiz Tool Plugin "action" Cross-Site Scripting SECUNIA ADVISORY ID: SA42196 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42196/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42196 RELEASE DATE: 2010-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/42196/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42196/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42196 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered a vulnerability in the WP Survey And Quiz Tool plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "action" parameter in wp-content/plugins/wp-survey-and-quiz-tool/pages/admin/surveys/create.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.2.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://www.johnleitch.net/Vulnerabilities/WordPress.Survery.And.Quiz.Tool.1.2.1.Reflected.Cross-site.Scripting/57 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 8 15:13:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 9 Nov 2010 00:13:34 +0100 Subject: [SEC] [SA42149] GLPI phpCAS Multiple Vulnerabilities Message-ID: <201011082313.oA8NDYic012785@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: GLPI phpCAS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42149 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42149/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42149 RELEASE DATE: 2010-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/42149/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42149/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42149 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue and multiple vulnerabilities have been reported in GLPI, which can be exploited by malicious users to perform certain actions with escalated privileges, disclose sensitive information, and to hijack another user's session and by malicious people to conduct cross-site scripting attacks. The vulnerabilities are caused due to the use of vulnerable phpCAS code. For more information: SA40845 SA41655 SOLUTION: Update to version 0.78. ORIGINAL ADVISORY: https://forge.indepnet.net/projects/glpi/repository/revisions/12601 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 8 15:46:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 9 Nov 2010 00:46:42 +0100 Subject: [SEC] [SA42194] WordPress jRSS Widget Plugin "url" File Disclosure Vulnerability Message-ID: <201011082346.oA8Nkgto001841@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WordPress jRSS Widget Plugin "url" File Disclosure Vulnerability SECUNIA ADVISORY ID: SA42194 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42194/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42194 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42194/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42194/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42194 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered a vulnerability in the jRSS Widget plugin for WordPress, which can be exploited by malicious people to disclose potentially sensitive information. Input passed to the "url" parameter in wp-content/plugins/jrss-widget/proxy.php is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks. The vulnerability is confirmed in version 1.1.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://www.johnleitch.net/Vulnerabilities/WordPress.jRSS.Widget.1.1.1.Local.File.Inclusion/59 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 8 16:12:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 9 Nov 2010 01:12:20 +0100 Subject: [SEC] [SA42167] WinTFTP Server Pro Directory Traversal Vulnerability Message-ID: <201011090012.oA90CKAa023075@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WinTFTP Server Pro Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA42167 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42167/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42167 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42167/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42167/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42167 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in WinTFTP Server Pro, which can be exploited by malicious people to disclose sensitive information or compromise a vulnerable system. The vulnerability is caused due to an input validation error when processing GET and PUT requests and can be exploited to download or manipulate files in arbitrary locations outside the TFTP root via directory traversal sequences. NOTE: The "Allow upload to server" option must be enabled in order to use the TFTP PUT command (disabled by default). The vulnerability is confirmed in version 3.1. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Pr0T3cT10n ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15427/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 8 16:44:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 9 Nov 2010 01:44:35 +0100 Subject: [SEC] [SA42177] Fedora update for monotone Message-ID: <201011090044.oA90iZDq012146@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for monotone SECUNIA ADVISORY ID: SA42177 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42177/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42177 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42177/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42177/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42177 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for monotone. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service). For more information: SA41960 SOLUTION: Apply update packages using the yum utility ("yum update monotone"). ORIGINAL ADVISORY: FEDORA-2010-16902: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050468.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 8 17:12:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 9 Nov 2010 02:12:51 +0100 Subject: [SEC] [SA42150] SUSE update for MozillaFirefox, seamonkey, and MozillaThunderbird Message-ID: <201011090112.oA91Cpga000991@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SUSE update for MozillaFirefox, seamonkey, and MozillaThunderbird SECUNIA ADVISORY ID: SA42150 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42150/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42150 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42150/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42150/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42150 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for MozillaFirefox, seamonkey, and MozillaThunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct spoofing attacks, bypass certain security restrictions, conduct cross-site scripting attacks, disclose potentially sensitive information, and compromise a user's system. For more information: SA39925 SA41244 SA41297 SA41957 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SA:2010:056: http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00003.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 8 17:45:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 9 Nov 2010 02:45:13 +0100 Subject: [SEC] [SA42129] Cisco Unified Communications Manager Privilege Escalation Vulnerability Message-ID: <201011090145.oA91jDBx022526@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco Unified Communications Manager Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA42129 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42129/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42129 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42129/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42129/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42129 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco Unified Communications Manager, which can be exploited by malicious users to gain escalated privileges. The vulnerability is caused due to an input validation error in the "/usr/local/cm/bin/pktCap_protectData" setuid program when processing options. This can be exploited e.g. via the administrative web-based interface to execute arbitrary shell commands with the privileges of the root user. Please see the vendor's advisory for details on affected versions. SOLUTION: Update to the latest version. Please see the vendor's advisory for more details. PROVIDED AND/OR DISCOVERED BY: Knud Erik H?jgaard, nSense ORIGINAL ADVISORY: Cisco: http://tools.cisco.com/security/center/viewAlert.x?alertId=21656 NSENSE-2010-003: http://www.nsense.fi/advisories/nsense_2010_003.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 8 18:10:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 9 Nov 2010 03:10:11 +0100 Subject: [SEC] [SA42192] WordPress DB Toolkit Plugin Arbitrary File Upload Security Issue Message-ID: <201011090210.oA92ABTB011268@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WordPress DB Toolkit Plugin Arbitrary File Upload Security Issue SECUNIA ADVISORY ID: SA42192 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42192/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42192 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42192/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42192/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42192 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered a security issue in the DB Toolkit plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. The security issue is caused due to the wp-content/plugins/db-toolkit/data_form/fieldtypes/file/scripts/uploadify.php script allowing the upload of files to a folder inside the webroot. This can be exploited to upload arbitrary files and e.g. execute arbitrary PHP code. The security issue is confirmed in version 0.1.10. Other versions may also be affected. SOLUTION: Restrict access to the wp-content/plugins/db-toolkit/data_form/fieldtypes/file/scripts/uploadify.php script (e.g. via .htaccess). PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://www.johnleitch.net/Vulnerabilities/WordPress.Database.Interface.Toolkit.0.1.7.Arbitrary.Upload/61 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 8 18:24:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 9 Nov 2010 03:24:20 +0100 Subject: [SEC] [SA42183] Red Hat update for flash-plugin Message-ID: <201011090224.oA92OKCP031917@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for flash-plugin SECUNIA ADVISORY ID: SA42183 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42183/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42183 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42183/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42183/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42183 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for flash-plugin. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system. For more information: SA41917 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0829-1: https://rhn.redhat.com/errata/RHSA-2010-0829.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 8 18:45:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 9 Nov 2010 03:45:05 +0100 Subject: [SEC] [SA42130] Novell ZENworks Handheld Management Buffer Overflow Vulnerability Message-ID: <201011090245.oA92j52n020480@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Novell ZENworks Handheld Management Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42130 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42130/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42130 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42130/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42130/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42130 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Novell ZENworks Handheld Management, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the ZfHIPCND.exe module and can be exploited to cause a heap-based buffer overflow via data sent to TCP port 2400. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 7 SP1. SOLUTION: Novell has issued a Field Test File (FTF) for testing (please see the vendor's advisory for details). Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: An anonymous person, reported via ZDI. ORIGINAL ADVISORY: Novell: http://www.novell.com/support/viewContent.do?externalId=7007135 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-230/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 8 19:14:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 9 Nov 2010 04:14:27 +0100 Subject: [SEC] [SA42146] Cisco Intelligent Contact Manager Setup Manager "Agent.exe" Multiple Vulnerabilities Message-ID: <201011090314.oA93ERXQ009919@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco Intelligent Contact Manager Setup Manager "Agent.exe" Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42146 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42146/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42146 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42146/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42146/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42146 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco Intelligent Contact Manager Setup Manager, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error within Agent.exe when handling the "HandleUpgradeAll" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. 2) A boundary error within Agent.exe when handling the "AgentUpgrade" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. 3) A boundary error within Agent.exe when handling the "HandleQueryNodeInfoReq" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. 4) A boundary error within Agent.exe when handling the "HandleUpgradeTrace" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. Please see the vendor's advisory for the list of affected versions. SOLUTION: The vendor recommends to delete the Agent.exe file or restrict network access to the affected service. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: sb, reported via ZDI. ORIGINAL ADVISORY: Cisco: http://tools.cisco.com/security/center/viewAlert.x?alertId=21726 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-232/ http://www.zerodayinitiative.com/advisories/ZDI-10-233/ http://www.zerodayinitiative.com/advisories/ZDI-10-234/ http://www.zerodayinitiative.com/advisories/ZDI-10-235/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 8 19:43:56 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 9 Nov 2010 04:43:56 +0100 Subject: [SEC] [SA42195] WordPress Vodpod Video Gallery Plugin "gid" Cross-Site Scripting Vulnerability Message-ID: <201011090343.oA93huCm031265@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WordPress Vodpod Video Gallery Plugin "gid" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42195 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42195/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42195 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42195/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42195/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42195 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered a vulnerability in the Vodpod Video Gallery plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "gid" parameter in wp-content/plugins/vodpod-video-gallery/vodpod_gallery_thumbs.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 3.1.5. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://www.johnleitch.net/Vulnerabilities/WordPress.Vodpod.Video.Gallery.3.1.5.Reflected.Cross-site.Scripting/58 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 8 20:09:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 9 Nov 2010 05:09:14 +0100 Subject: [SEC] [SA42159] G DATA TotalCare Local Denial of Service Message-ID: <201011090409.oA949EZv020017@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: G DATA TotalCare Local Denial of Service SECUNIA ADVISORY ID: SA42159 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42159/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42159 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42159/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42159/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42159 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in G Data TotalCare, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error in "HookCentre.sys", which can be exploited to dereference invalid memory and cause a system crash. The vulnerability is confirmed in version 2011 (HookCentre.sys file version 3.1.10239.62) . Other versions may also be affected. SOLUTION: Grant only trusted users access to affected systems. PROVIDED AND/OR DISCOVERED BY: Nikita Tarakanov OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 8 20:22:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 9 Nov 2010 05:22:50 +0100 Subject: [SEC] [SA42152] Mahara "groupviews.tpl" Cross-Site Scripting Vulnerability Message-ID: <201011090422.oA94MoXS008253@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Mahara "groupviews.tpl" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42152 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42152/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42152 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42152/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42152/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42152 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Mahara, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain input is not properly sanitised in blocktype/groupviews/theme/raw/groupviews.tpl before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 1.3.3. SOLUTION: Update to version 1.3.3. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://wiki.mahara.org/Release_Notes/1.3.3 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 8 20:43:57 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 9 Nov 2010 05:43:57 +0100 Subject: [SEC] [SA42193] WordPress SEO Tools Plugin "file" File Disclosure Vulnerability Message-ID: <201011090443.oA94hvEe029218@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WordPress SEO Tools Plugin "file" File Disclosure Vulnerability SECUNIA ADVISORY ID: SA42193 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42193/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42193 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42193/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42193/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42193 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered a vulnerability in the SEO Tools plugin for WordPress, which can be exploited by malicious people to disclose potentially sensitive information. Input passed to the "file" parameter in wp-content/plugins/seo-automatic-seo-tools/feedcommander/get_download.php is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks. The vulnerability is confirmed in version 3.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://www.johnleitch.net/Vulnerabilities/WordPress.SEO.Tools.by.SEO.Automatic.3.0.Local.File.Inclusion/60 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 8 21:09:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 9 Nov 2010 06:09:27 +0100 Subject: [SEC] [SA42155] Acoustica Insecure Library Loading Vulnerability Message-ID: <201011090509.oA959RZM017987@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Acoustica Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA42155 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42155/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42155 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42155/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42155/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42155 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Acoustica, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a AEC file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 4.1.0 Build 388. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: APA-IUTcert Vulnerability Analysis Team OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 9 10:29:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 9 Nov 2010 19:29:24 +0100 Subject: [SEC] [SA42135] PHP "mb_strcut()" Information Disclosure Security Issue Message-ID: <201011091829.oA9ITOGR009238@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: PHP "mb_strcut()" Information Disclosure Security Issue SECUNIA ADVISORY ID: SA42135 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42135/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42135 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42135/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42135/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42135 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been discovered in PHP, which can be exploited by malicious users and malicious people to potentially disclose sensitive information. The security issue is caused due to an input validation error in "mbfl_strcut()" in ext/mbstring/libmbfl/mbfl/mbfilter.c, which can be exploited to disclose potentially sensitive memory by passing an overly large "length" parameter to the "mb_strcut()" PHP function. Successful exploitation from remote depends on the application using the library function. The security issue is confirmed in version 5.3.3. Other versions may also be affected. SOLUTION: Ensure that parameters passed to "mb_strcut()" are properly validated and grant only trusted users permissions to invoke "mb_strcut()". PROVIDED AND/OR DISCOVERED BY: Mateusz Kocielski ORIGINAL ADVISORY: http://marc.info/?l=oss-security&m=128916137005024&w=2 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 9 11:29:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 9 Nov 2010 20:29:07 +0100 Subject: [SEC] [SA42103] Microsoft Office 2004 for Mac Integer Underflow Vulnerability Message-ID: <201011091929.oA9JT7Dd031922@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Office 2004 for Mac Integer Underflow Vulnerability SECUNIA ADVISORY ID: SA42103 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42103/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42103 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42103/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42103/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42103 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Office 2004 for Mac, which can be exploited by malicious people to compromise a user's system. For more information see vulnerability #2: SA39304 SOLUTION: The security update for Microsoft Office 2004 for Mac is currently unavailable. ORIGINAL ADVISORY: MS10-088 (KB2293386): http://www.microsoft.com/technet/security/Bulletin/MS10-088.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 9 12:29:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 9 Nov 2010 21:29:05 +0100 Subject: [SEC] [SA42158] Suricata TCP Detection Evasion Security Issues Message-ID: <201011092029.oA9KT5J5022242@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Suricata TCP Detection Evasion Security Issues SECUNIA ADVISORY ID: SA42158 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42158/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42158 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42158/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42158/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42158 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some security issues have been reported in Suricata, which can be exploited by malicious people to bypass certain security features. The security issues are caused due to errors in the processing of certain TCP packets, which can be exploited to bypass detection rules by e.g. sending specially crafted packets. The security issues are reported in versions prior to 1.0.2. SOLUTION: Update to version 1.0.2. PROVIDED AND/OR DISCOVERED BY: Judy Novak ORIGINAL ADVISORY: Suricata: http://www.openinfosecfoundation.org/index.php/component/content/article/1-latest-news/103-suricata-102-released Judy Novak: http://www.packetstan.com/2010/09/suricata-tcp-evasions.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 9 13:29:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 9 Nov 2010 22:29:59 +0100 Subject: [SEC] [SA42154] DeluxeBB Authentication Bypass Security Issue Message-ID: <201011092129.oA9LTx45012597@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: DeluxeBB Authentication Bypass Security Issue SECUNIA ADVISORY ID: SA42154 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42154/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42154 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42154/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42154/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42154 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been discovered in DeluxBB, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to an error in the authentication mechanism in pm.php. This can be exploited e.g. to access a user's inbox or send messages as a user by setting the cookie parameters "membercookie" to the user's username, "memberid" to the user's id, and "memberpw" to an arbitrary value. The security issue is confirmed in version 1.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that authentication is correctly enforced. PROVIDED AND/OR DISCOVERED BY: Vis Intelligendi ORIGINAL ADVISORY: http://vis-intelligendi.co.cc/show.php?id=14 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 9 14:23:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 9 Nov 2010 23:23:58 +0100 Subject: [SEC] [SA42160] ImpressCMS SQL Injection Vulnerability Message-ID: <201011092223.oA9MNw5w002601@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: ImpressCMS SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42160 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42160/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42160 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42160/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42160/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42160 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in ImpressCMS, which can be exploited by malicious people to conduct SQL injection attacks. Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in versions prior to 1.2.3 RC2. SOLUTION: Fixed in version 1.2.3 RC2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.impresscms.org/content.php?page=ImpressCMS_1.2.3 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 9 14:45:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 9 Nov 2010 23:45:05 +0100 Subject: [SEC] [SA41985] Aardvark Topsites "q" Cross-Site Scripting Vulnerability Message-ID: <201011092245.oA9Mj5qx023593@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Aardvark Topsites "q" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA41985 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41985/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41985 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/41985/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41985/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41985 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Aardvark Topsites, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "q" parameter to index.php (when "a" is set to "search") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 5.2.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Jos? Pablo Gonz?lez. Additional information provided by Yam Mesicka. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 9 15:17:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 10 Nov 2010 00:17:48 +0100 Subject: [SEC] [SA42145] Juniper IVE OS "meeting_testjava.cgi" Cross-Site Scripting Vulnerability Message-ID: <201011092317.oA9NHmEe012793@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Juniper IVE OS "meeting_testjava.cgi" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42145 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42145/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42145 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42145/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42145/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42145 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Juniper IVE OS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to meeting_testjava.cgi is not properly sanitised before being returned to the user when handling the DSID HTTP header. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 6.5r7 and 7.0r3. SOLUTION: Update to version 6.5r7 and 7.0r3. PROVIDED AND/OR DISCOVERED BY: Davy Douhine, reported via ZDI ORIGINAL ADVISORY: ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-231/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 9 15:46:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 10 Nov 2010 00:46:43 +0100 Subject: [SEC] [SA42138] pfSense "graph.php" Cross-Site Scripting Vulnerabilities Message-ID: <201011092346.oA9Nkhx9001659@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: pfSense "graph.php" Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42138 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42138/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42138 RELEASE DATE: 2010-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/42138/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42138/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42138 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: dave b has discovered some vulnerabilities in pfSense, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "ifnum" and "ifname" parameters to graph.php in the web-based interface is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in an administrative user's browser session in context of an affected site. The vulnerabilities are confirmed in version 1.2.3. Other versions may also be affected. SOLUTION: Do not browse untrusted web sites or follow links from untrusted sources while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: dave b ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0044.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 9 16:14:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 10 Nov 2010 01:14:08 +0100 Subject: [SEC] [SA42181] Red Hat Certificate Server MD5 and SCEP Vulnerabilities Message-ID: <201011100014.oAA0E8H6022967@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat Certificate Server MD5 and SCEP Vulnerabilities SECUNIA ADVISORY ID: SA42181 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42181/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42181 RELEASE DATE: 2010-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/42181/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42181/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42181 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has acknowledged a security issue and some vulnerabilities in Red Hat Certificate System, which can be exploited by malicious people to conduct spoofing attacks and malicious users and malicious people to bypass certain security features. 1) The certificate authority does not properly restrict certain SCEP calls to authenticated registration authorities, which can be exploited to e.g. decrypt a sniffed one-time PIN. 2) The certificate authority does not properly prevent one-time PINs from being used multiple times in enrollment requests, which can be exploited to e.g. generate an unlimited amount of certificates. Successful exploitation requires a valid enrollment one-time PIN. 3) The certificate authority uses the MD5 cryptographic hash function to sign SCEP responses, which can be exploited to facilitate spoofing via collision attacks. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1, 2) Reported by a Red Hat customer. 3) Reported by the vendor. ORIGINAL ADVISORY: RHSA-2010-0837: https://rhn.redhat.com/errata/RHSA-2010-0837.html RHSA-2010-0838: https://rhn.redhat.com/errata/RHSA-2010-0838.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 9 16:49:57 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 10 Nov 2010 01:49:57 +0100 Subject: [SEC] [SA40670] Seo Panel Multiple Vulnerabilities Message-ID: <201011100049.oAA0nvjP012208@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Seo Panel Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40670 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40670/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40670 RELEASE DATE: 2010-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/40670/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40670/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40670 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in Seo Panel, which can be exploited by malicious users to conduct script insertion attacks, SQL injection attacks, and disclose sensitive information and by malicious people to conduct cross-site scripting attacks, cross-site request forgery attacks, and bypass certain security restrictions. 1) Input passed via the "capcheck" and "dir_name" parameters to directories.php (when "sec" is set to "directorymgr") and via the "userName", "password", "confirmPassword", "firstName", "lastName", and "email" parameters to users.php (when "sec" is set to "create") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change an administrator's username and password when a logged-in administrator visits a specially crafted web site. 3) The "checkLoggedIn()" and "checkAdminLoggedIn()" functions in includes/sp-common.php do not properly terminate execution, which can be exploited to perform e.g. administrative actions via direct HTTP requests without being authenticated. 4) Input passed via various parameters to multiple scripts e.g. the "website_id" parameter to backlinks.php, cron.php, directories.php, generate-reports.php, graphical-reports.php, keywords.php, rank.php, saturationchecker.php, and sitemap.php, the "dir_id" and "url" parameters to directories.php, the "id" parameter to directories.php, keywords.php, seo-plugins-manager.php, and website.php, the "keyword_id" parameter to generate-reports.php and reports.php, the "seId" parameter to graphical-reports.php and reports.php, the "keywordId" parameter to graphical-reports.php and keywords.php, the "fromTime" and "toTime" parameters to graphical-reports.php, the "name", "country_code", and "lang_code" parameters to keywords.php, the "se_id" and "keyId" parameters to reports.php, the "seoplugin_id" and "pid" parameters to seo-plugins-manager.php, the "seotool_id" parameter to seo-tools-manager.php, the "userId" parameter to users.php, and the "websiteId" parameter to website.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 5) Input passed via various parameters to multiple scripts e.g. the "pid" parameter to seo-plugins-manager.php, the "firstName", "lastName", and "id" parameters to users.php, and the "name" parameter to website.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 6) Input passed via various parameters to multiple scripts e.g. the "keywordId" parameter to keywords.php (when "sec" is set to "reports"), the "website_urls" parameter to saturationchecker.php and backlinks.php, the "pageno" parameter to users.php and websites.php, the "userName" parameter to login.php and register.php, and the "firstName", "lastName", and "email" parameters to register.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 7) Input passed via the "firstName" and "lastName" parameters to users.php (when "sec" is set to "updatemyprofile") is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 8) Input passed via various parameters to multiple scripts e.g. the "stscheck", "dir_name", and "status" parameters to directories.php, the "searchengines", "website_id", "country_code", and "lang_code" parameters to keywords.php, the "userid" and "user_id" parameters to website.php, and the "time" parameter to reports.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 9) Input passed via various parameters to multiple scripts e.g. the "name" and "url" parameters to website.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 10) Input passed via the "file" parameter to download.php is not properly verified before being used to read files. This can be exploited to disclose the content of arbitrary files via directory traversal attacks. The vulnerabilities are confirmed in version 2.0.2. Other versions may also be affected. NOTE: Successful exploitation of vulnerabilities #4, #5, #8, #9, and #10 requires authentication but can be exploited in combination with vulnerability #3. SOLUTION: Update to version 2.1.0, which fixes vulnerabilities #3, #4, and #5. PROVIDED AND/OR DISCOVERED BY: 1, 2) Russ McRee, reported via Secunia. 3 - 9) Secunia Research 10) Independently discovered by Secunia Research and MaXe (@InterN0T) ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2010-96/ http://secunia.com/secunia_research/2010-97/ http://secunia.com/secunia_research/2010-131/ http://secunia.com/secunia_research/2010-132/ http://secunia.com/secunia_research/2010-133/ Seo Panel: http://forum.seopanel.in/viewtopic.php?f=7&t=105 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 9 17:13:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 10 Nov 2010 02:13:33 +0100 Subject: [SEC] [SA42180] HAVP Insecure Whitelist Security Issue Message-ID: <201011100113.oAA1DX01000823@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HAVP Insecure Whitelist Security Issue SECUNIA ADVISORY ID: SA42180 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42180/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42180 RELEASE DATE: 2010-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/42180/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42180/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42180 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in HAVP, which can be exploited by malicious people to bypass certain security restrictions. The security issue caused due to an insecure entry in the HAVP whitelist configuration file "/etc/havp/whitelist". This can be exploited to bypass detection by HAVP by serving malware via a domain ending with "sourceforge.net". The security issue is reported in versions prior to 0.92a. SOLUTION: Update to version 0.92a. PROVIDED AND/OR DISCOVERED BY: Timeless Prototype ORIGINAL ADVISORY: HAVP: http://www.server-side.de/index.htm upSploit: https://www.upsploit.com/index.php/advisories/view/UPS-2010-0001 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 9 17:45:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 10 Nov 2010 02:45:32 +0100 Subject: [SEC] [SA42199] Fedora update for pootle Message-ID: <201011100145.oAA1jWV7022338@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for pootle SECUNIA ADVISORY ID: SA42199 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42199/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42199 RELEASE DATE: 2010-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/42199/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42199/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42199 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for pootle. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA42185 SOLUTION: Apply updated packages using the yum utility ("yum update pootle"). ORIGINAL ADVISORY: FEDORA-2010-16990: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050597.html FEDORA-2010-16998: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050540.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 9 18:10:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 10 Nov 2010 03:10:42 +0100 Subject: [SEC] [SA42164] Joomla! JQuarks4s Component "q" SQL Injection Vulnerability Message-ID: <201011100210.oAA2AgPY011098@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Joomla! JQuarks4s Component "q" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42164 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42164/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42164 RELEASE DATE: 2010-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/42164/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42164/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42164 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Salvatore Fresta has discovered a vulnerability in the JQuarks4s component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "q" array index parameter to index.php (when "option" is set to "com_jquarks4s", "task" is set to "submitSurvey", and the "q" parameter is set to "4") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.0.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Salvatore Fresta aka Drosophila ORIGINAL ADVISORY: Salvatore Fresta: http://adv.salvatorefresta.net/JQuarks4s_Joomla_Component_1.0.0_Blind_SQL_Injection_Vulnerability-08112010.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 9 18:45:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 10 Nov 2010 03:45:25 +0100 Subject: [SEC] [SA38521] Microsoft Office Multiple Vulnerabilities Message-ID: <201011100245.oAA2jPUA032674@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Office Multiple Vulnerabilities SECUNIA ADVISORY ID: SA38521 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/38521/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=38521 RELEASE DATE: 2010-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/38521/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/38521/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=38521 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system. 1) Insufficient validation when parsing an Office Art Drawing record, which contains "msofbtSp" records that specify certain flags can be exploited to corrupt memory via a specially crafted Office file. 2) A boundary error when parsing RTF (Rich Text Format) formatted content can be exploited to cause a stack-based buffer overflow via a specially crafted file. 3) An error handling a large SPID can be exploited to corrupt memory via a specially crafted file. 4) An error in the drawing exception handling can be exploited to corrupt memory via a specially crafted file. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) Dyon Balding, Secunia Research. The vendor also credits Will Dorman, CERT/CC. 2) The vendor credits team509 via iDefense. 3) The vendor credits Chaouki Bekrar, Vupen. 4) The vendor credits ZDI. ORIGINAL ADVISORY: MS10-087 (KB2289158, KB2289161, KB2289169, KB2289187, KB2423930, KB2454823): http://www.microsoft.com/technet/security/Bulletin/MS10-087.mspx Secunia Research: http://secunia.com/secunia_research/2010-4/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 9 19:17:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 10 Nov 2010 04:17:25 +0100 Subject: [SEC] [SA40820] Novell GroupWise Multiple Vulnerabilities Message-ID: <201011100317.oAA3HPs9022227@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Novell GroupWise Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40820 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40820/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40820 RELEASE DATE: 2010-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/40820/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40820/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40820 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Novell GroupWise, which can be exploited by malicious users to disclose sensitive information or compromise a vulnerable system, and by malicious people to disclose sensitive information, conduct spoofing attacks, or compromise a vulnerable system. 1) An input validation error in the WebAccess Agent and the Document Viewer Agent can be exploited to download arbitrary local files via directory traversal attacks. Successful exploitation of the WebAccess Agent requires authentication. 2) A boundary error exists within gwia.exe in the parsing of entities in Content-Type headers in received e-mail messages, which can be exploited to cause a stack-based buffer overflow. 3) A boundary error exists within gwia.exe in the parsing of Content-Type headers in received e-mail messages, which can be exploited to cause a stack-based buffer overflow. 4) A boundary error exists in the parsing of VCALENDAR data within gwwww1.dll when processing a RRULE variable, which can be exploited to cause a buffer overflow via a specially crafted e-mail message. 5) A boundary error exists in the parsing of VCALENDAR data within gwwww1.dll when processing a COMMENT variable, which can be exploited to cause a buffer overflow via a specially crafted e-mail message. 6) An error exists in the handling of signed integers in the parsing Content-Type headers within gwia.exe, which can be exploited to cause a stack-based buffer overflow via a specially crafted e-mail message. 7) A boundary error exists in the parsing of VCALENDAR data within gwwww1.dll when processing a TZNAME variable, which can be exploited to cause a buffer overflow via a specially crafted e-mail message. 8) An error in the handling of IMAP LIST commands can be exploited to trigger a double-free condition by passing a large parameter to the affected command. 9) A boundary error in the IMAP services can be exploited to cause a stack-based buffer overflow via a specially crafted LIST or LSUB request. Successful exploitation of this vulnerability requires authentication. 10) An unspecified error exists in the HTTP interfaces for the GroupWise agents (Message Transfer Agent, Post Office Agent, Internet Agent, WebAccess Agent, Monitor Agent). Successful exploitation of vulnerabilities #2 to #10 may allow execution of arbitrary code. 11) Unspecified Input passed to the WebPublisher component of GroupWise WebAccess is not properly sanitised before being used. This can be exploited to e.g. redirect users to an untrusted fake site. SOLUTION: Apply the hot patch. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) Mehul Revankar, reported through Secunia 2-7) Anonymous, reported via ZDI 8) Francis Provencher, reported via ZDI 9) Francis Provencher, Protek Research Lab's 10) The vendor credits Anonymous, working with ZDI 11) The vendor credits Pat Bergoch at Amerimark ORIGINAL ADVISORY: Novell: http://www.novell.com/support/viewContent.do?externalId=7007152 http://www.novell.com/support/viewContent.do?externalId=7007156 http://www.novell.com/support/viewContent.do?externalId=7007153 http://www.novell.com/support/viewContent.do?externalId=7007155 http://www.novell.com/support/viewContent.do?externalId=7007154 http://www.novell.com/support/viewContent.do?externalId=7007151 http://www.novell.com/support/viewContent.do?externalId=7007157 http://www.novell.com/support/viewContent.do?externalId=7007159 http://www.novell.com/support/viewContent.do?externalId=7007158 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-237/ http://www.zerodayinitiative.com/advisories/ZDI-10-238/ http://www.zerodayinitiative.com/advisories/ZDI-10-239/ http://www.zerodayinitiative.com/advisories/ZDI-10-240/ http://www.zerodayinitiative.com/advisories/ZDI-10-241/ http://www.zerodayinitiative.com/advisories/ZDI-10-242/ http://www.zerodayinitiative.com/advisories/ZDI-10-243/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 9 19:45:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 10 Nov 2010 04:45:20 +0100 Subject: [SEC] [SA42151] Apple Mac OS X ATSServer CFF Font Parsing Vulnerability Message-ID: <201011100345.oAA3jKWD011088@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple Mac OS X ATSServer CFF Font Parsing Vulnerability SECUNIA ADVISORY ID: SA42151 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42151/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42151 RELEASE DATE: 2010-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/42151/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42151/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42151 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Apple Mac OS X, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a signedness error in ATSServer when handling the CharStrings INDEX structure and can be exploited to cause a buffer overflow via e.g. a PDF file containing a specially crafted CFF font. This may be related to vulnerability #1: SA40807 Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 10.5. SOLUTION: Upgrade to version 10.6, which is reportedly not affected. PROVIDED AND/OR DISCOVERED BY: Anibal Sacco and Matias Eissler, Core Security Technologies. ORIGINAL ADVISORY: Core Security Technologies (CORE-2010-0825): http://www.coresecurity.com/content/Apple-OSX-ATSServer-CharStrings-Sign-Mismatch OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 9 20:09:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 10 Nov 2010 05:09:16 +0100 Subject: [SEC] [SA42170] Silo Insecure Library Loading Vulnerability Message-ID: <201011100409.oAA49GJk032187@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Silo Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA42170 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42170/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42170 RELEASE DATE: 2010-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/42170/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42170/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42170 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gjoko Krstic has discovered a vulnerability in Silo, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application bundling a vulnerable version of the Qt library, which loads libraries (e.g. wintab32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a SIB file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. For more information: SA41537 The vulnerability is confirmed in version 2.2. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Gjoko Krstic, Zero Science Lab ORIGINAL ADVISORY: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4972.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 9 20:23:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 10 Nov 2010 05:23:19 +0100 Subject: [SEC] [SA42110] SAP NetWeaver Composition Environment Memory Corruption Vulnerability Message-ID: <201011100423.oAA4NJiG020440@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SAP NetWeaver Composition Environment Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA42110 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42110/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42110 RELEASE DATE: 2010-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/42110/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42110/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42110 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in SAP NetWeaver, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the NetWeaver Composition Environment component when processing SOAP requests within sapstartsrv.exe. This can be exploited to e.g. overwrite certain function pointers and execute arbitrary code by sending specially crafted SOAP requests to port 50013 or 50113. SOLUTION: Reportedly, a patch is available via SAP Note 1414444. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: AbdulAziz Hariri, reported via ZDI ORIGINAL ADVISORY: http://www.zerodayinitiative.com/advisories/ZDI-10-236/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 9 20:44:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 10 Nov 2010 05:44:00 +0100 Subject: [SEC] [SA42115] PayPal for iPhone Certificate Verification Security Issue Message-ID: <201011100444.oAA4i0M5008981@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: PayPal for iPhone Certificate Verification Security Issue SECUNIA ADVISORY ID: SA42115 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42115/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42115 RELEASE DATE: 2010-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/42115/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42115/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42115 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in PayPal for iPhone, which can be exploited by malicious people to conduct spoofing attacks. The security issue is caused due to the application not verifying the server certificate of the payment service's website. This can be exploited to e.g. spoof the website via a MitM (Man-in-the-Middle) attack and e.g. disclose the username and password. The security issue is reported in versions prior to 3.0.1. SOLUTION: Update to version 3.0.1. PROVIDED AND/OR DISCOVERED BY: viaForensics ORIGINAL ADVISORY: Apple iTunes: http://itunes.apple.com/us/app/paypal/id283646709 viaForensics: http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 9 21:09:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 10 Nov 2010 06:09:16 +0100 Subject: [SEC] [SA42060] SmartFTP Filename Processing Unspecified Vulnerability Message-ID: <201011100509.oAA59GBf030129@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SmartFTP Filename Processing Unspecified Vulnerability SECUNIA ADVISORY ID: SA42060 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42060/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42060 RELEASE DATE: 2010-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/42060/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42060/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42060 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability with an unknown impact has been reported in SmartFTP. The vulnerability is caused due to an unspecified error when processing filenames. No further information is currently available. The vulnerability is reported in versions prior to 4.0 Build 1142. SOLUTION: Update to version 4.0 Build 1142 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://smartftp.com/forums/index.php?/topic/16425-smartftp-client-4-0-change-log OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 9 21:23:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 10 Nov 2010 06:23:08 +0100 Subject: [SEC] [SA42185] Pootle "match_names" Cross-Site Scripting Vulnerability Message-ID: <201011100523.oAA5N8eS018375@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Pootle "match_names" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42185 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42185/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42185 RELEASE DATE: 2010-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/42185/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42185/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42185 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Pootle, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "match_names" parameter via the "translate" URL pattern to local_apps/pootle_store/views.py is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Update to version 2.1.2. PROVIDED AND/OR DISCOVERED BY: Yeyah ORIGINAL ADVISORY: http://sourceforge.net/projects/translate/files//Pootle/2.1.2/RELEASE.txt/view http://www.xssed.com/mirror/70160/ https://bugzilla.redhat.com/show_bug.cgi?id=647832 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 9 21:43:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 10 Nov 2010 06:43:54 +0100 Subject: [SEC] [SA42156] Spree JSON Cross-Site Request Forgery Vulnerability Message-ID: <201011100543.oAA5hsiE006919@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Spree JSON Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA42156 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42156/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42156 RELEASE DATE: 2010-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/42156/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42156/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42156 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Spree, which can be exploited by malicious people to conduct cross-site request forgery attacks. The applications performs certain actions via HTTP requests to the JSON service without checking the validity of the requests. This can be exploited to e.g. disclose sensitive user and order information when a logged-in user visits a specially crafted site. The vulnerability is reported in versions prior to 0.11.2. SOLUTION: Update to version 0.11.2. PROVIDED AND/OR DISCOVERED BY: Conviso Security ORIGINAL ADVISORY: Spree: http://spreecommerce.com/blog/2010/11/02/json-hijacking-vulnerability/ Conviso Security: http://www.conviso.com.br/json-hijacking-vulnerability/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 9 22:08:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 10 Nov 2010 07:08:30 +0100 Subject: [SEC] [SA39304] Microsoft Office PowerPoint Two Vulnerabilities Message-ID: <201011100608.oAA68UY0028045@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Office PowerPoint Two Vulnerabilities SECUNIA ADVISORY ID: SA39304 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39304/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39304 RELEASE DATE: 2010-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/39304/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39304/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39304 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Microsoft PowerPoint, which can be exploited by malicious people to compromise a user's system. 1) A logic error in PP7X32.DLL when parsing certain records can be exploited to cause a heap-based buffer overflow via a specially crafted PowerPoint 95 file. 2) An integer underflow error can be exploited to corrupt memory via a specially crafted PowerPoint file. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) Alin Rad Pop, Secunia Research. 2) The vendor credits an anonymous person via ZDI. ORIGINAL ADVISORY: MS10-088 (KB2293386, KB2413272, KB2413304, KB2413381): http://www.microsoft.com/technet/security/Bulletin/MS10-088.mspx Secunia Research: http://secunia.com/secunia_research/2010-61/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 10 10:29:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 10 Nov 2010 19:29:27 +0100 Subject: [SEC] [SA42171] WeBid Two Vulnerabilities Message-ID: <201011101829.oAAITRWW016643@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WeBid Two Vulnerabilities SECUNIA ADVISORY ID: SA42171 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42171/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42171 RELEASE DATE: 2010-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/42171/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42171/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42171 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in WeBid, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information. 1) Input passed via the "id" parameter to confirm.php (when "lan" is set) is not correctly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "lan" parameter to active_auctions.php is not properly verified before being used in e.g. includes/messages.inc.php. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerability is confirmed in version 0.85P1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://www.johnleitch.net/Vulnerabilities/WeBid.0.8.5P1.Reflected.Cross-site.Scripting/62 http://www.johnleitch.net/Vulnerabilities/WeBid.0.8.5P1.Local.File.Inclusion/63 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 10 11:29:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 10 Nov 2010 20:29:09 +0100 Subject: [SEC] [SA42132] PHPShop "name_new" Cross-Site Scripting Vulnerability Message-ID: <201011101929.oAAJT9Hs006942@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: PHPShop "name_new" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42132 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42132/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42132 RELEASE DATE: 2010-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/42132/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42132/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42132 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in PHPShop, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "name_new" POST parameter when registering a new user account is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: mustlive ORIGINAL ADVISORY: http://websecurity.com.ua/4512/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 10 12:29:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 10 Nov 2010 21:29:04 +0100 Subject: [SEC] [SA42128] OpenFabrics Enterprise Distribution (OFED) "ofa_kernel" RDS Privilege Escalation Message-ID: <201011102029.oAAKT4Mt029641@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: OpenFabrics Enterprise Distribution (OFED) "ofa_kernel" RDS Privilege Escalation SECUNIA ADVISORY ID: SA42128 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42128/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42128 RELEASE DATE: 2010-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/42128/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42128/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42128 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in OpenFabrics Enterprise Distribution (OFED), which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an error within the "rds_page_copy_user()" function in net/rds/page.c of the ofa_kernel, which can be exploited to execute arbitrary code with kernel privileges. SOLUTION: Restrict access to trusted users. PROVIDED AND/OR DISCOVERED BY: Dan Rosenberg ORIGINAL ADVISORY: http://www.vsecurity.com/resources/advisory/20101019-1/ http://www.openwall.com/lists/oss-security/2010/11/04/7 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 10 13:29:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 10 Nov 2010 22:29:44 +0100 Subject: [SEC] [SA42163] AusweisApp Certificate Verification Vulnerability Message-ID: <201011102129.oAALTier019980@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: AusweisApp Certificate Verification Vulnerability SECUNIA ADVISORY ID: SA42163 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42163/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42163 RELEASE DATE: 2010-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/42163/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42163/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42163 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Jan Schejbal has discovered a vulnerability in AusweisApp, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the automatic update functionality not properly checking the validity of the SSL certificate for the update server. This can be exploited to spoof an update server (e.g. via DNS poisoning or a Man-in-the-Middle attack) and store arbitrary files in the AutoStart folder via a specially crafted update package. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 1.0.1. Other versions may also be affected. SOLUTION: Do not use the update functionality. PROVIDED AND/OR DISCOVERED BY: Jan Schejbal ORIGINAL ADVISORY: http://janschejbal.wordpress.com/2010/11/09/ausweisapp-gehackt-malware-uber-autoupdate/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 10 14:24:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 10 Nov 2010 23:24:17 +0100 Subject: [SEC] [SA41546] Skype for iPhone URL Handler Dial Number Weakness Message-ID: <201011102224.oAAMOHsd010052@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Skype for iPhone URL Handler Dial Number Weakness SECUNIA ADVISORY ID: SA41546 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41546/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41546 RELEASE DATE: 2010-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/41546/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41546/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41546 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been discovered in Skype for iPhone, which can be exploited by malicious people to perform certain actions without user confirmation. The weakness is called due to the application not asking for user confirmation before calling a number when being invoked via a "skype://" URL. This can be exploited to make a call to an arbitrary number e.g. when a user visits a specially crafted web page. The weakness is confirmed in Skype for iPhone version 2.1.2. Other versions may also be affected. SOLUTION: Do not browse untrusted web sites or follow links from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Nitesh Dhanjani ORIGINAL ADVISORY: http://www.dhanjani.com/blog/2010/11/insecure-handling-of-url-schemes-in-apples-ios.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 10 14:44:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 10 Nov 2010 23:44:50 +0100 Subject: [SEC] [SA41717] SilverStripe Cross-Site Request Forgery Vulnerability Message-ID: <201011102244.oAAMiomc030971@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SilverStripe Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA41717 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41717/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41717 RELEASE DATE: 2010-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/41717/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41717/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41717 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Russ McRee has discovered a vulnerability in SilverStripe, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. delete an administrative user or delete an image by tricking a logged in administrative user into visiting a malicious web site. The vulnerability is confirmed in version 2.4.2. Other versions may also be affected. SOLUTION: The vulnerability is fixed in version 2.4.3-rc1 and 2.3.9-rc1. PROVIDED AND/OR DISCOVERED BY: Russ McRee via Secunia. ORIGINAL ADVISORY: SilverStripe: http://groups.google.com/group/silverstripe-announce/browse_thread/thread/f3a5facb3a1f64aa http://groups.google.com/group/silverstripe-announce/browse_thread/thread/360207c2db61cb80 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 10 15:16:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 11 Nov 2010 00:16:16 +0100 Subject: [SEC] [SA42162] Red Hat update for kernel Message-ID: <201011102316.oAANGG7R020099@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for kernel SECUNIA ADVISORY ID: SA42162 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42162/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42162 RELEASE DATE: 2010-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/42162/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42162/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42162 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for kernel. This fixes multiple weaknesses and a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and to disclose certain system and potentially sensitive information. For more information: SA27555 SA28696 SA41245 SA41284 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0839-1: https://rhn.redhat.com/errata/RHSA-2010-0839.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 10 15:46:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 11 Nov 2010 00:46:36 +0100 Subject: [SEC] [SA42157] Adobe Flash Media Server Multiple Vulnerabilities Message-ID: <201011102346.oAANkaSM009073@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Adobe Flash Media Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42157 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42157/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42157 RELEASE DATE: 2010-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/42157/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42157/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42157 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Adobe Flash Media Server (FMS), which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially execute arbitrary code. 1) An unspecified memory leak error can be exploited to cause a DoS. 2) An unspecified error within the Flash Media Server edge process can be exploited to cause a DoS. 3) An unspecified error can be exploited to cause a segmentation fault and potentially execute arbitrary code. The vulnerabilities are reported in Adobe Flash Media Server version 3.0.6 and prior, 3.5.4 and prior, and 4.0 and prior. SOLUTION: Update to Flash Media Server version 3.0.7, 3.5.5, or 4.0.1. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) Yoshitaka Inoue, NTT Smart Connect 2) Reported by the vendor 3) Amazon Web Services ORIGINAL ADVISORY: APSB10-27: http://www.adobe.com/support/security/bulletins/apsb10-27.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 10 16:12:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 11 Nov 2010 01:12:48 +0100 Subject: [SEC] [SA42165] Free CD to MP3 Converter Buffer Overflow Vulnerability Message-ID: <201011110012.oAB0CmLC030266@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Free CD to MP3 Converter Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42165 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42165/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42165 RELEASE DATE: 2010-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/42165/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42165/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42165 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Free CD to MP3 Converter, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing WAV files and can be exploited to cause a stack-based buffer overflow via a specially crafted file containing an overly long string. Successful exploitation allows execution of arbitrary code, but requires tricking a user into opening a file. The vulnerability is confirmed in version 3.1 Build 20100413. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: C4SS!0 G0M3S ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15480/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 10 16:45:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 11 Nov 2010 01:45:43 +0100 Subject: [SEC] [SA42131] Microsoft Forefront Unified Access Gateway Multiple Vulnerabilities Message-ID: <201011110045.oAB0jhgN019356@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Forefront Unified Access Gateway Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42131 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42131/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42131 RELEASE DATE: 2010-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/42131/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42131/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42131 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Forefront Unified Access Gateway (UAG), which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks. 1) A weakness in UAG allows redirecting users to an untrusted site e.g. spoofing a legitimate UAG Web interface. 2) Unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Unspecified input passed to the UAG Mobile Portal website is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 4) Unspecified input passed to Signurl.asp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MS10-089 (KB2316074, KB2418933, KB2433584, KB2433585): http://www.microsoft.com/technet/security/Bulletin/MS10-089.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 10 17:12:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 11 Nov 2010 02:12:13 +0100 Subject: [SEC] [SA42144] Microsoft Office for Mac Multiple Vulnerabilities Message-ID: <201011110112.oAB1CDVD008160@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Office for Mac Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42144 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42144/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42144 RELEASE DATE: 2010-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/42144/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42144/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42144 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Microsoft Office for Mac, which can be exploited by malicious people to compromise a user's system. For more information: SA38521 SOLUTION: Security updates are currently unavailable. ORIGINAL ADVISORY: MS10-087 (KB2423930): http://www.microsoft.com/technet/security/Bulletin/MS10-087.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 11 10:29:55 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 11 Nov 2010 19:29:55 +0100 Subject: [SEC] [SA42168] Drupal Category Tokens Module Script Insertion Vulnerability Message-ID: <201011111829.oABITtE8005733@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Drupal Category Tokens Module Script Insertion Vulnerability SECUNIA ADVISORY ID: SA42168 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42168/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42168 RELEASE DATE: 2010-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/42168/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42168/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42168 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Category Tokens module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Input passed via vocabulary names when creating or editing vocabularies is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires "administer taxonomy" permissions. The vulnerability is reported in versions prior to 6.x-1.1. SOLUTION: Update to version 6.x-1.1 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits Dave Reid, Drupal Security Team. ORIGINAL ADVISORY: SA-CONTRIB-2010-102: http://drupal.org/node/968176 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 11 11:29:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 11 Nov 2010 20:29:41 +0100 Subject: [SEC] [SA39259] Apple QuickTime Sorenson Video 3 Array-Indexing Vulnerability Message-ID: <201011111929.oABJTfgu028438@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple QuickTime Sorenson Video 3 Array-Indexing Vulnerability SECUNIA ADVISORY ID: SA39259 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39259/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39259 RELEASE DATE: 2010-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/39259/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39259/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39259 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered a vulnerability in QuickTime, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an array-indexing error when parsing Sorenson Video 3 content and can be exploited to corrupt memory during decompression via a specially crafted file. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in versions 7.6.6 and 7.6.8. Other versions may also be affected. SOLUTION: This will be addressed in an upcoming version for Windows. A fix is available for Mac OS X. PROVIDED AND/OR DISCOVERED BY: Carsten Eiram, Secunia Research. The vendor also credits an anonymous person via ZDI. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4435 Secunia Research: http://secunia.com/secunia_research/2010-60/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 11 12:29:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 11 Nov 2010 21:29:20 +0100 Subject: [SEC] [SA42219] Red Hat update for cups Message-ID: <201011112029.oABKTKe8018744@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for cups SECUNIA ADVISORY ID: SA42219 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42219/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42219 RELEASE DATE: 2010-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/42219/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42219/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42219 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for cups. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA41706 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0866-2: https://rhn.redhat.com/errata/RHSA-2010-0866.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 11 13:29:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 11 Nov 2010 22:29:23 +0100 Subject: [SEC] [SA42218] Red Hat update for java-1.5.0-ibm Message-ID: <201011112129.oABLTNI4009062@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for java-1.5.0-ibm SECUNIA ADVISORY ID: SA42218 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42218/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42218 RELEASE DATE: 2010-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/42218/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42218/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42218 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for java-1.5.0-ibm. This fixes multiple vulnerabilities,, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, and compromise a vulnerable system. For more information: SA41882 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0873-2: https://rhn.redhat.com/errata/RHSA-2010-0873.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 11 14:23:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 11 Nov 2010 23:23:27 +0100 Subject: [SEC] [SA42213] Red Hat update for nss Message-ID: <201011112223.oABMNR3e031524@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for nss SECUNIA ADVISORY ID: SA42213 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42213/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42213 RELEASE DATE: 2010-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/42213/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42213/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42213 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for nss. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks. For more information: SA41244 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0862-2: https://rhn.redhat.com/errata/RHSA-2010-0862.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 11 14:44:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 11 Nov 2010 23:44:26 +0100 Subject: [SEC] [SA42223] Red Hat update for bzip2 Message-ID: <201011112244.oABMiQ4d020083@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for bzip2 SECUNIA ADVISORY ID: SA42223 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42223/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42223 RELEASE DATE: 2010-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/42223/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42223/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42223 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for bzip2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. For more information: SA41452 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0858-3: https://rhn.redhat.com/errata/RHSA-2010-0858.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 11 15:17:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 12 Nov 2010 00:17:36 +0100 Subject: [SEC] [SA41945] KaiBB Multiple Vulnerabilities Message-ID: <201011112317.oABNHaDr009299@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: KaiBB Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41945 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41945/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41945 RELEASE DATE: 2010-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/41945/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41945/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41945 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Russ McRee has discovered some vulnerabilities in KaiBB, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting and request forgery attacks. 1) Input passed via the "user" parameter to staff/index.php (when "area" is set to "users" and "s" is set to "account") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. add an arbitrary forum or assign a user administrative privileges by tricking an administrative user into visiting a malicious web site. 3) Input passed via the "a" parameter to staff/index.php (when "area" is set to "users" and "s" is set to "account") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires "Moderator" privileges and requires that "magic_quotes_gpc" is disabled. The vulnerabilities are confirmed in version 1.0.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Russ McRee via Secunia. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 11 15:46:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 12 Nov 2010 00:46:41 +0100 Subject: [SEC] [SA42173] SUSE update for kernel Message-ID: <201011112346.oABNkfMG030614@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SUSE update for kernel SECUNIA ADVISORY ID: SA42173 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42173/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42173 RELEASE DATE: 2010-11-12 DISCUSS ADVISORY: http://secunia.com/advisories/42173/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42173/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42173 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges. For more information: SA41693 1) An error within the RDS implementation can be exploited to overflow the rdma page count. 2) An error within the RDS implementation can be exploited to execute arbitrary code with kernel privileges. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SUSE-SA:2010:057: http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 11 16:11:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 12 Nov 2010 01:11:39 +0100 Subject: [SEC] [SA42212] Red Hat update for freetype Message-ID: <201011120011.oAC0BdNL019366@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for freetype SECUNIA ADVISORY ID: SA42212 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42212/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42212 RELEASE DATE: 2010-11-12 DISCUSS ADVISORY: http://secunia.com/advisories/42212/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42212/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42212 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for freetype. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA40586 SA40816 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0864-2: https://rhn.redhat.com/errata/RHSA-2010-0864.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 11 16:45:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 12 Nov 2010 01:45:58 +0100 Subject: [SEC] [SA42216] Red Hat update for firefox Message-ID: <201011120045.oAC0jwma008533@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for firefox SECUNIA ADVISORY ID: SA42216 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42216/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42216 RELEASE DATE: 2010-11-12 DISCUSS ADVISORY: http://secunia.com/advisories/42216/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42216/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42216 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for firefox. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and potentially compromise a user's system. For more information: SA41244 SA41957 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0861-2 https://rhn.redhat.com/errata/RHSA-2010-0861.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 11 17:13:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 12 Nov 2010 02:13:02 +0100 Subject: [SEC] [SA42201] Emuci eBlog "id" and "keyword" SQL Injection Vulnerabilities Message-ID: <201011120113.oAC1D2XX029781@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Emuci eBlog "id" and "keyword" SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA42201 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42201/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42201 RELEASE DATE: 2010-11-12 DISCUSS ADVISORY: http://secunia.com/advisories/42201/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42201/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42201 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Salvatore Fresta has discovered some vulnerabilities in Emuci eBlog, which can be exploited by malicious people to conduct SQL injection attacks. 1) Input passed to the "id" parameter in topics.php and sections.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed to the "id" parameter in pages.php and to the "keyword" parameter in search.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. The vulnerabilities are confirmed in version 1.7. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Salvatore Fresta aka Drosophila ORIGINAL ADVISORY: http://adv.salvatorefresta.net/eBlog_1.7_Multiple_SQL_Injection_Vulnerabilities-10112010.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 11 17:44:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 12 Nov 2010 02:44:24 +0100 Subject: [SEC] [SA42215] Red Hat update for glibc Message-ID: <201011120144.oAC1iOId018794@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for glibc SECUNIA ADVISORY ID: SA42215 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42215/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42215 RELEASE DATE: 2010-11-12 DISCUSS ADVISORY: http://secunia.com/advisories/42215/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42215/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42215 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for glibc. This fixes two weaknesses, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA41795 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0872-2: https://rhn.redhat.com/errata/RHSA-2010-0872.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 11 18:09:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 12 Nov 2010 03:09:29 +0100 Subject: [SEC] [SA42226] Red Hat update for poppler Message-ID: <201011120209.oAC29Tjb007549@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for poppler SECUNIA ADVISORY ID: SA42226 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42226/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42226 RELEASE DATE: 2010-11-12 DISCUSS ADVISORY: http://secunia.com/advisories/42226/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42226/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42226 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for poppler. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA41596 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0859-3: https://rhn.redhat.com/errata/RHSA-2010-0859.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 11 18:24:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 12 Nov 2010 03:24:00 +0100 Subject: [SEC] [SA42200] FreeBSD "pfs_getextattr()" Privilege Escalation Vulnerability Message-ID: <201011120224.oAC2O0YZ028229@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: FreeBSD "pfs_getextattr()" Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA42200 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42200/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42200 RELEASE DATE: 2010-11-12 DISCUSS ADVISORY: http://secunia.com/advisories/42200/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42200/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42200 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in FreeBSD, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges. The vulnerability is caused due to a mutex unlock error in the "pfs_getextattr()" function within the "pseudofs" module when handling extended attributes. This can be exploited to cause a kernel panic and crash the system. Successful exploitation may allow execution of arbitrary code in the kernel, but requires the system to allow NULL page mapping. The vulnerability is reported in version 7.x prior to 7.3-RELEASE and version 8.x prior to 8.0-RC1. SOLUTION: Update FreeBSD or apply patch. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Przemyslaw Frasunek. ORIGINAL ADVISORY: http://security.freebsd.org/advisories/FreeBSD-SA-10:09.pseudofs.asc OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 11 18:44:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 12 Nov 2010 03:44:37 +0100 Subject: [SEC] [SA42225] Red Hat update for kernel Message-ID: <201011120244.oAC2ib5A016766@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for kernel SECUNIA ADVISORY ID: SA42225 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42225/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42225 RELEASE DATE: 2010-11-12 DISCUSS ADVISORY: http://secunia.com/advisories/42225/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42225/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42225 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for the kernel. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose system and potentially sensitive information, cause a DoS (Denial of Service), and gain escalated privileges, and by malicious people to cause a DoS. For more information: SA40656 SA41245 SA41378 SA41462 SA41493 SA41650 SA41693 1) An error within the SCTP implementation can be exploited to cause a crash by sending specially crafted network traffic. 2) An error within the SCTP implementation when handling HMAC calculations can be exploited to cause a crash by sending specially crafted network traffic. 3) An error within the RDS implementation can be exploited to execute arbitrary code with kernel privileges. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 2, 3) Red Hat credits Dan Rosenberg ORIGINAL ADVISORY: RHSA-2010-0842: https://rhn.redhat.com/errata/RHSA-2010-0842.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 11 19:13:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 12 Nov 2010 04:13:23 +0100 Subject: [SEC] [SA42227] Red Hat update for krb5 Message-ID: <201011120313.oAC3DNWP006164@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for krb5 SECUNIA ADVISORY ID: SA42227 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42227/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42227 RELEASE DATE: 2010-11-12 DISCUSS ADVISORY: http://secunia.com/advisories/42227/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42227/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42227 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for krb5. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. For more information: SA41684 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0863-2: https://rhn.redhat.com/errata/RHSA-2010-0863.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 11 19:44:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 12 Nov 2010 04:44:33 +0100 Subject: [SEC] [SA42214] Fedora update for libsmi Message-ID: <201011120344.oAC3iXle027588@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for libsmi SECUNIA ADVISORY ID: SA42214 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42214/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42214 RELEASE DATE: 2010-11-12 DISCUSS ADVISORY: http://secunia.com/advisories/42214/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42214/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42214 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for libsmi. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA41841 SOLUTION: Apply updated packages using the yum utility ("yum update libsmi"). ORIGINAL ADVISORY: FEDORA-2010-17126: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050675.html FEDORA-2010-17096: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050704.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 11 20:09:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 12 Nov 2010 05:09:35 +0100 Subject: [SEC] [SA42161] FileCOPA Directory Traversal Vulnerability Message-ID: <201011120409.oAC49ZNS016333@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: FileCOPA Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA42161 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42161/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42161 RELEASE DATE: 2010-11-12 DISCUSS ADVISORY: http://secunia.com/advisories/42161/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42161/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42161 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Pawel h0wl Wylecial has reported a vulnerability in FileCOPA, which can be exploited by malicious users to disclose sensitive information. The vulnerability is caused due to an input validation error when downloading files and can be exploited to disclose the contents of arbitrary files via directory traversal attacks. The vulnerability is reported in version 6.01. Other versions may also be affected. SOLUTION: Update to version 6.01.01. PROVIDED AND/OR DISCOVERED BY: Pawel h0wl Wylecial ORIGINAL ADVISORY: Pawel h0wl Wylecial: http://h0wl.baywords.com/2010/11/08/filecopa-ftp-server-6-01-directory-traversal/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 11 20:23:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 12 Nov 2010 05:23:49 +0100 Subject: [SEC] [SA42217] Fedora update for proftpd Message-ID: <201011120423.oAC4Nn1k004574@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for proftpd SECUNIA ADVISORY ID: SA42217 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42217/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42217 RELEASE DATE: 2010-11-12 DISCUSS ADVISORY: http://secunia.com/advisories/42217/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42217/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42217 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for proftpd. This fixes multiple vulnerabilities, which can be exploited by malicious users to manipulate certain data and malicious people to compromise a vulnerable system. For more information: SA42052 SOLUTION: Apply updated packages using the yum utility ("yum update proftpd"). ORIGINAL ADVISORY: FEDORA-2010-17098: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050703.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 11 20:44:45 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 12 Nov 2010 05:44:45 +0100 Subject: [SEC] [SA42188] LANDesk Management Gateway Cross-Site Request Forgery Vulnerability Message-ID: <201011120444.oAC4ij08025554@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: LANDesk Management Gateway Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA42188 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42188/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42188 RELEASE DATE: 2010-11-12 DISCUSS ADVISORY: http://secunia.com/advisories/42188/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42188/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42188 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in LANDesk Management Gateway, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. inject and execute arbitrary shell commands if a logged-in administrator visits a specially crafted web site. The vulnerability is reported in versions 4.2 GSBWEB v1.61 and 4.0 GSBWEB v1.61s. Other versions may also be affected. SOLUTION: Apply patch GSBWEB_62. PROVIDED AND/OR DISCOVERED BY: Aureliano Calvo, Core Security Technologies ORIGINAL ADVISORY: LANDesk: http://community.landesk.com/support/docs/DOC-21767 Core Security Technologies: http://www.coresecurity.com/content/landesk-os-command-injection-vulnerability OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 11 21:10:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 12 Nov 2010 06:10:11 +0100 Subject: [SEC] [SA42224] Fedora update for seamonkey Message-ID: <201011120510.oAC5ABJZ014314@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for seamonkey SECUNIA ADVISORY ID: SA42224 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42224/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42224 RELEASE DATE: 2010-11-12 DISCUSS ADVISORY: http://secunia.com/advisories/42224/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42224/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42224 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for seamonkey. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, and by malicious people to conduct spoofing attacks, bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user's system. For more information: SA41923 SA41957 SOLUTION: Apply updated packages using the yum utility ("yum update seamonkey"). ORIGINAL ADVISORY: FEDORA-2010-17145: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050688.html FEDORA-2010-17084: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050684.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 11 21:24:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 12 Nov 2010 06:24:04 +0100 Subject: [SEC] [SA42176] Linux Kernel Block Layer Denial of Service Vulnerabilities Message-ID: <201011120524.oAC5O4EZ002521@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Linux Kernel Block Layer Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA42176 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42176/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42176 RELEASE DATE: 2010-11-12 DISCUSS ADVISORY: http://secunia.com/advisories/42176/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42176/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42176 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Dan Rosenberg has reported some vulnerabilities in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service). 1) Errors within the "bio_copy_user_iov()" and "__bio_map_user_iov()" functions in fs/bio.c when calculating the number of pages to allocate can be exploited to cause a huge allocation and e.g. trigger the out of memory handler or crash a system by sending specially crafted IOCTLs. 2) An error within the "blk_rq_map_user_iov()" functon in block/blk-map.c when processing certain I/O requests with a length of 0 can be exploited to crash the system. Successful exploitation requires that the attacker can send IOCTLs to SCSI devices (e.g. is a member of the "cdrom" group). SOLUTION: Fixed in Jens Axboe's GIT repository. PROVIDED AND/OR DISCOVERED BY: Dan Rosenberg ORIGINAL ADVISORY: http://www.openwall.com/lists/oss-security/2010/11/10/18 1) http://git.kernel.org/?p=linux/kernel/git/axboe/linux-2.6-block.git;a=commitdiff;h=cb4644cac4a2797afc847e6c92736664d4b0ea34 2) http://git.kernel.org/?p=linux/kernel/git/axboe/linux-2.6-block.git;a=commitdiff;h=9284bcf4e335e5f18a8bc7b26461c33ab60d0689 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 11 21:44:45 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 12 Nov 2010 06:44:45 +0100 Subject: [SEC] [SA42187] Linux Kernel Socket Filter Memory Leak Weakness Message-ID: <201011120544.oAC5ijRE023500@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Linux Kernel Socket Filter Memory Leak Weakness SECUNIA ADVISORY ID: SA42187 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42187/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42187 RELEASE DATE: 2010-11-12 DISCUSS ADVISORY: http://secunia.com/advisories/42187/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42187/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42187 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Dan Rosenberg has reported a weakness in the Linux Kernel, which can be exploited by malicious, local users to disclose certain system information. The weakness is caused due to the "sk_run_filter()" function in net/core/filter.c not properly initializing a local array, which can be exploited to disclose kernel stack memory. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Dan Rosenberg ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0090.html http://www.spinics.net/lists/netdev/msg146361.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 11 22:09:45 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 12 Nov 2010 07:09:45 +0100 Subject: [SEC] [SA42174] Mono Unsafe Library Loading Vulnerability Message-ID: <201011120609.oAC69jCk012244@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Mono Unsafe Library Loading Vulnerability SECUNIA ADVISORY ID: SA42174 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42174/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42174 RELEASE DATE: 2010-11-12 DISCUSS ADVISORY: http://secunia.com/advisories/42174/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42174/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42174 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Mono, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to Mono loading libraries from the current directory, which can be exploited to execute arbitrary code by e.g. tricking a user into running a Mono application in a directory containing a malicious library. SOLUTION: Fixed in the GIT repository. PROVIDED AND/OR DISCOVERED BY: Richard Brooksby ORIGINAL ADVISORY: https://bugzilla.novell.com/show_bug.cgi?id=641915 https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 12 10:29:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 12 Nov 2010 19:29:49 +0100 Subject: [SEC] [SA42189] Red Hat update for kernel Message-ID: <201011121829.oACITnwO000729@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for kernel SECUNIA ADVISORY ID: SA42189 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42189/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42189 RELEASE DATE: 2010-11-12 DISCUSS ADVISORY: http://secunia.com/advisories/42189/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42189/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42189 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges. For more information: SA35265 SA36707 SA37435 SA40965 SA41462 1) A vulnerability is caused due to a use-after-free error within the "tcp_rcv_state_process()" function, which can be exploited to cause a kernel crash by e.g. sending a specially crafted IPv6 packet to a listening socket with the IPV6_RECVPKTINFO option enabled. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010-0882: http://rhn.redhat.com/errata/RHSA-2010-0882.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 12 11:29:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 12 Nov 2010 20:29:46 +0100 Subject: [SEC] [SA42239] IBM Systems Director Agent "reset_diragent_keys" Insecure File Permissions Message-ID: <201011121929.oACJTk1P023513@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM Systems Director Agent "reset_diragent_keys" Insecure File Permissions SECUNIA ADVISORY ID: SA42239 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42239/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42239 RELEASE DATE: 2010-11-12 DISCUSS ADVISORY: http://secunia.com/advisories/42239/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42239/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42239 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in IBM Systems Director Agent, which can be exploited by malicious, local users to bypass certain security restrictions. The security issue is caused due to execute permissions for the "system" group being assigned to the "reset_diragent_keys" script. This can be exploited to potentially perform certain restricted actions by executing the script. Successful exploitation requires that the attacker belongs to the "system" group. SOLUTION: Apply APAR IC71821. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (IC71821): http://www-01.ibm.com/support/docview.wss?uid=isg1IC71821 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 12 12:29:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 12 Nov 2010 21:29:43 +0100 Subject: [SEC] [SA42220] DaDaBIK "select_single" Field Type Script Insertion Vulnerability Message-ID: <201011122029.oACKThla013817@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: DaDaBIK "select_single" Field Type Script Insertion Vulnerability SECUNIA ADVISORY ID: SA42220 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42220/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42220 RELEASE DATE: 2010-11-12 DISCUSS ADVISORY: http://secunia.com/advisories/42220/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42220/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42220 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in DaDaBIK, which can be exploited by malicious users to conduct script insertion attacks. Certain input passed via the "select_single" field type parameter is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious data is being viewed. SOLUTION: The vulnerability is fixed in version 4.3 beta2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.dadabik.org/index.php?function=show_changelog OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 12 13:29:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 12 Nov 2010 22:29:21 +0100 Subject: [SEC] [SA42234] Fedora update for banshee Message-ID: <201011122129.oACLTLYa004107@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for banshee SECUNIA ADVISORY ID: SA42234 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42234/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42234 RELEASE DATE: 2010-11-12 DISCUSS ADVISORY: http://secunia.com/advisories/42234/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42234/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42234 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for banshee. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA42237 SOLUTION: Apply updated packages via the yum utility ("yum update banshee"). ORIGINAL ADVISORY: FEDORA-2010-16907: https://admin.fedoraproject.org/updates/banshee-1.6.1-4.fc12 FEDORA-2010-16916: https://admin.fedoraproject.org/updates/banshee-1.6.1-4.fc13 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 12 14:23:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 12 Nov 2010 23:23:48 +0100 Subject: [SEC] [SA42190] IBM WebSphere Application Server for z/OS APR-util Denial of Service Message-ID: <201011122223.oACMNm2j026587@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM WebSphere Application Server for z/OS APR-util Denial of Service SECUNIA ADVISORY ID: SA42190 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42190/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42190 RELEASE DATE: 2010-11-12 DISCUSS ADVISORY: http://secunia.com/advisories/42190/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42190/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42190 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a vulnerability in IBM WebSphere Application Server for z/OS, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #2 in: SA41701 SOLUTION: Apply APAR PM23263 or update to version 6.1.0.35 when it becomes available. ORIGINAL ADVISORY: IBM (PM23263) http://www-01.ibm.com/support/docview.wss?uid=swg1PM25599 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 12 14:44:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 12 Nov 2010 23:44:34 +0100 Subject: [SEC] [SA42137] Ubuntu update for libvpx Message-ID: <201011122244.oACMiY8D015127@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for libvpx SECUNIA ADVISORY ID: SA42137 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42137/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42137 RELEASE DATE: 2010-11-12 DISCUSS ADVISORY: http://secunia.com/advisories/42137/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42137/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42137 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for libvpx. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA42118 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1015-1: http://www.ubuntu.com/usn/usn-1015-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 12 15:16:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 13 Nov 2010 00:16:42 +0100 Subject: [SEC] [SA42172] Linux Kernel MSS Division By Zero Denial of Service Message-ID: <201011122316.oACNGgUE004268@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Linux Kernel MSS Division By Zero Denial of Service SECUNIA ADVISORY ID: SA42172 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42172/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42172 RELEASE DATE: 2010-11-12 DISCUSS ADVISORY: http://secunia.com/advisories/42172/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42172/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42172 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error when handling certain TCP maximum segment sizes, which can be exploited to e.g. trigger a division by zero causing a kernel crash. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Steve Chen ORIGINAL ADVISORY: http://permalink.gmane.org/gmane.linux.network/177550 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 12 15:47:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 13 Nov 2010 00:47:04 +0100 Subject: [SEC] [SA42237] Banshee LD_LIBRARY_PATH Security Issue Message-ID: <201011122347.oACNl4LV025679@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Banshee LD_LIBRARY_PATH Security Issue SECUNIA ADVISORY ID: SA42237 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42237/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42237 RELEASE DATE: 2010-11-13 DISCUSS ADVISORY: http://secunia.com/advisories/42237/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42237/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42237 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Banshee, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to the "/usr/bin/banshee-1" and "/usr/bin/muinshee" scripts incorrectly setting the environment variable LD_LIBRARY_PATH and GST_PLUGIN_PATH. This can be exploited to gain escalated privileges e.g. by tricking a user into running the script in a directory containing a malicious library. The security issue is reported in versions prior to 1.9.0. SOLUTION: Update to version 1.9.0. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://download.banshee.fm/banshee/unstable/1.9.0/banshee-1-1.9.0.news OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 12 16:12:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 13 Nov 2010 01:12:02 +0100 Subject: [SEC] [SA42118] libvpx Invalid Frame Memory Corruption Vulnerability Message-ID: <201011130012.oAD0C21t014414@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: libvpx Invalid Frame Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA42118 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42118/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42118 RELEASE DATE: 2010-11-13 DISCUSS ADVISORY: http://secunia.com/advisories/42118/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42118/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42118 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in libvpx, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. The vulnerability is caused due to an error in the vp8 decoder when processing invalid frames, which can be exploited to cause a memory corruption. SOLUTION: Update to version 0.9.5. PROVIDED AND/OR DISCOVERED BY: Google credits Christoph Diehl. ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html http://review.webmproject.org/gitweb?p=libvpx.git;a=commit;h=09bcc1f710ea65dc158639479288fb1908ff0c53 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 12 16:46:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 13 Nov 2010 01:46:34 +0100 Subject: [SEC] [SA42235] Fedora update for libguestfs Message-ID: <201011130046.oAD0kYZC003566@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for libguestfs SECUNIA ADVISORY ID: SA42235 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42235/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42235 RELEASE DATE: 2010-11-13 DISCUSS ADVISORY: http://secunia.com/advisories/42235/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42235/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42235 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for libguestfs. This fixes a weakness, which can be exploited by malicious, local users in a guest virtual machine to gain access to potentially sensitive information. For more information: SA41797 SOLUTION: Apply updated packages via the yum utility ("yum update libguestfs"). ORIGINAL ADVISORY: FEDORA-2010-17202: https://admin.fedoraproject.org/updates/libguestfs-1.6.0-1.fc13.1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 12 17:14:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 13 Nov 2010 02:14:00 +0100 Subject: [SEC] [SA42119] IBM OmniFind Enterprise Edition Multiple Vulnerabilities Message-ID: <201011130114.oAD1E04P024825@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM OmniFind Enterprise Edition Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42119 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42119/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42119 RELEASE DATE: 2010-11-13 DISCUSS ADVISORY: http://secunia.com/advisories/42119/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42119/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42119 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities and weaknesses have been reported in IBM OmniFind Enterprise Edition, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct cross-site scripting, cross-site request forgery, and session fixation attacks, disclose potentially sensitive information, manipulate certain data, potentially cause a DoS (Denial of Service), and compromise a vulnerable system. 1) Input passed to the "command" parameter in ESAdmin/collection.do is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. create an arbitrary user with administrative privileges if a logged-in administrative user visits a malicious web site. 3) An error in the handling of sessions can be exploited to hijack another user's session by tricking the user into logging in after following a specially crafted link. 4) A boundary error in the "Java_com_ibm_es_oss_CryptionNative_ESEncrypt()" function (/opt/IBM/es/lib/libffq.cryptionjni.so) can be exploited to cause a stack-based buffer overflow via an overly long "password" parameter submitted to the administrative interface. Successful exploitation may allow execution of arbitrary code in the user context of the interface (by default the root user). 5) The "/opt/IBM/es/bin/esRunCommand" setuid program runs commands supplied as an argument and can be exploited to execute arbitrary shell commands with the privileges of the root user. 6) The "/opt/IBM/es/bin/estaskwrapper" setuid program incorrectly runs the "estasklight" command and can be exploited to gain escalated privileges e.g. by setting the ES_LIBRARY_PATH and PATH environment variables to a directory containing a malicious binary and running the program. 7) Lack of authentication in the ESSearchApplication/palette.do script can be exploited to change the server's configuration. 8) A weakness in the Web Crawler agent when indexing a web page can be exploited to consume server resources potentially causing a DoS. 9) Two weaknesses related to the configuration page and insecure setting of a cookie path may lead to disclosure of sensitive information via other vulnerabilities e.g. cross-site scripting attacks. The vulnerabilities and weaknesses are reported in version 8.5 and 9.1. Other versions may also be affected. SOLUTION: Reportedly patches have been released. Contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: Fatih Kilic, Fraunhofer SIT. ORIGINAL ADVISORY: http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 12 17:44:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 13 Nov 2010 02:44:54 +0100 Subject: [SEC] [SA42175] libxml XPath Denial of Service Vulnerability Message-ID: <201011130144.oAD1is0V013836@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: libxml XPath Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42175 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42175/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42175 RELEASE DATE: 2010-11-13 DISCUSS ADVISORY: http://secunia.com/advisories/42175/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42175/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42175 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in libxml, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when traversing the XPath axis of certain XML files. This can be exploited to cause a crash when an application using the library processes a specially crafted XML file. The vulnerability is reported in versions prior to 2.7.8. SOLUTION: Update to version 2.7.8. PROVIDED AND/OR DISCOVERED BY: Bui Quang Minh, Bkis ORIGINAL ADVISORY: libxml: http://mail.gnome.org/archives/xml/2010-November/msg00015.html Bkis: http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 12 18:09:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 13 Nov 2010 03:09:19 +0100 Subject: [SEC] [SA42166] Ubuntu update for libxml2 Message-ID: <201011130209.oAD29JOb002503@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for libxml2 SECUNIA ADVISORY ID: SA42166 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42166/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42166 RELEASE DATE: 2010-11-13 DISCUSS ADVISORY: http://secunia.com/advisories/42166/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42166/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42166 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA42175 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1016-1: http://www.ubuntu.com/usn/usn-1016-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 12 18:23:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 13 Nov 2010 03:23:41 +0100 Subject: [SEC] [SA42191] SAP NetWeaver "Function Builder" Privilege Escalation Security Issue Message-ID: <201011130223.oAD2NfMJ023207@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SAP NetWeaver "Function Builder" Privilege Escalation Security Issue SECUNIA ADVISORY ID: SA42191 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42191/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42191 RELEASE DATE: 2010-11-13 DISCUSS ADVISORY: http://secunia.com/advisories/42191/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42191/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42191 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in SAP NetWeaver, which can be exploited by malicious users to gain escalated privileges. The security issue is caused due to missing permission checks for the "Function Builder" functionality. This can be exploited to access the test functionality and potentially gain escalated privileges. SOLUTION: Update to the latest versions (see SAP Note 1525695 for more information). Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: SAP (note 1525695): https://service.sap.com/sap/support/notes/1525695 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 12 18:44:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 13 Nov 2010 03:44:14 +0100 Subject: [SEC] [SA40518] Ubuntu update for mysql Message-ID: <201011130244.oAD2iEis011741@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for mysql SECUNIA ADVISORY ID: SA40518 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40518/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40518 RELEASE DATE: 2010-11-13 DISCUSS ADVISORY: http://secunia.com/advisories/40518/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40518/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40518 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for mysql. This fixes multiple security issues and vulnerabilities, where one has unknown impacts and others can be exploited by malicious users to cause a Dos (Denial of Service) and gain escalated privileges. For more information: SA40333 SA41048 SA41716 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1017-1: http://www.ubuntu.com/usn/usn-1017-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 12 19:15:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 13 Nov 2010 04:15:13 +0100 Subject: [SEC] [SA42231] IBM HTTP Server "mod_dav" Denial of Service Vulnerabilities Message-ID: <201011130315.oAD3FDcA001169@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM HTTP Server "mod_dav" Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA42231 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42231/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42231 RELEASE DATE: 2010-11-13 DISCUSS ADVISORY: http://secunia.com/advisories/42231/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42231/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42231 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged some vulnerabilities in IBM HTTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA36425 SOLUTION: Apply APAR PM24234 or update to version 6.1.0.35 and 7.0.0.15 when it becomes available. ORIGINAL ADVISORY: IBM (PM24234): http://www-01.ibm.com/support/docview.wss?uid=swg1PM24234 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 12 19:45:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 13 Nov 2010 04:45:11 +0100 Subject: [SEC] [SA42169] Drupal Node Relativity Module Multiple Vulnerabilities Message-ID: <201011130345.oAD3jBma022591@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Drupal Node Relativity Module Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42169 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42169/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42169 RELEASE DATE: 2010-11-13 DISCUSS ADVISORY: http://secunia.com/advisories/42169/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42169/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42169 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in the Node Relativity module for Drupal, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) The application incorrectly enforces node access restrictions. This can be exploited to e.g disclose node titles and create relations between nodes without having required access rights. 2) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) The application allows users to perform certain actions via HTTP requests without properly verifying the requests. This can be exploited to e.g. directly perform operations on the database by tricking a user into visiting a malicious web site while being logged-in to the application. The vulnerabilities are reported in versions prior to 5.x-2.6 and 6.x-1.4. SOLUTION: Update to version 5.x-2.6 or later or 6.x-1.4 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits: * recrit * catch, Drupal security team ORIGINAL ADVISORY: SA-CONTRIB-2010-103: http://drupal.org/node/968528 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 12 20:09:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 13 Nov 2010 05:09:21 +0100 Subject: [SEC] [SA42198] Oracle OpenSolaris Sudo "secure path" Security Bypass Message-ID: <201011130409.oAD49LJ2011294@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Oracle OpenSolaris Sudo "secure path" Security Bypass SECUNIA ADVISORY ID: SA42198 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42198/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42198 RELEASE DATE: 2010-11-13 DISCUSS ADVISORY: http://secunia.com/advisories/42198/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42198/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42198 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged a security issue in OpenSolaris, which can be exploited by malicious, local users to bypass certain security restrictions. For more information: SA40002 SOLUTION: Apply bug fix 6959032. ORIGINAL ADVISORY: http://blogs.sun.com/security/entry/cve_2010_1646_sudo_path OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 15 10:30:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 15 Nov 2010 19:30:36 +0100 Subject: [SEC] [SA42211] CakePHP "unserialize()" PHP Code Execution Vulnerability Message-ID: <201011151830.oAFIUavi005061@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: CakePHP "unserialize()" PHP Code Execution Vulnerability SECUNIA ADVISORY ID: SA42211 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42211/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42211 RELEASE DATE: 2010-11-15 DISCUSS ADVISORY: http://secunia.com/advisories/42211/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42211/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42211 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Felix Wilhelm has reported a vulnerability in CakePHP, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the cake/libs/controller/components/security.php script using "unserialize()" with user controlled input. This can be exploited to e.g. create a cache file with arbitrary PHP code using the "__destruct()" method of a "App" class via a specially crafted serialized object passed in a POST request. The vulnerability is reported in versions prior to 1.2.9 and prior to 1.3.6. SOLUTION: Update to version 1.2.9 and 1.3.6. PROVIDED AND/OR DISCOVERED BY: Felix Wilhelm ORIGINAL ADVISORY: Felix Wilhelm: http://malloc.im/CakePHP-unserialize.txt CakePHP: http://bakery.cakephp.org/articles/markstory/2010/11/13/cakephp_1_3_6_and_1_2_9_released OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 15 11:30:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 15 Nov 2010 20:30:26 +0100 Subject: [SEC] [SA42272] Fedora update for bristol Message-ID: <201011151930.oAFJUQRB027824@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for bristol SECUNIA ADVISORY ID: SA42272 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42272/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42272 RELEASE DATE: 2010-11-15 DISCUSS ADVISORY: http://secunia.com/advisories/42272/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42272/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42272 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for bristol. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA41994 SOLUTION: Apply updated packages using the yum utility ("yum update bristol"). ORIGINAL ADVISORY: FEDORA-2010-16676: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050787.html FEDORA-2010-16687: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050805.html FEDORA-2010-16714: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050784.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 15 12:30:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 15 Nov 2010 21:30:03 +0100 Subject: [SEC] [SA42206] Chameleon Social Networking Forum "New Thread" Script Insertion Message-ID: <201011152030.oAFKU3kN018144@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Chameleon Social Networking Forum "New Thread" Script Insertion SECUNIA ADVISORY ID: SA42206 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42206/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42206 RELEASE DATE: 2010-11-15 DISCUSS ADVISORY: http://secunia.com/advisories/42206/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42206/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42206 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Chameleon Social Networking, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "thread_title" and "thread_description" parameters to forum_new_topic.php (when "cmd" is set to "post" and "forum_id" is set to a valid id) when creating a topic is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Dr-mosta OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 15 13:30:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 15 Nov 2010 22:30:00 +0100 Subject: [SEC] [SA42202] Babylon Cross-Application Scripting Vulnerability Message-ID: <201011152130.oAFLU0cp008487@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Babylon Cross-Application Scripting Vulnerability SECUNIA ADVISORY ID: SA42202 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42202/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42202 RELEASE DATE: 2010-11-15 DISCUSS ADVISORY: http://secunia.com/advisories/42202/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42202/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42202 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Babylon, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system. The vulnerability is caused due insufficient input sanitation within the embedded Trident control (Internet Explorer rendering engine) of non-translated terms and can be exploited to execute arbitrary HTML and script code in the Local Machine security zone. Successful exploitation may allow execution of arbitrary code, but requires tricking a user into translating malicious content. The vulnerability is reported in versions prior to 8.0.7. SOLUTION: Update to version 8.0.7 or later. PROVIDED AND/OR DISCOVERED BY: Yair Amit and Roee Hay of IBM Rational Application Security Research Group. ORIGINAL ADVISORY: http://blog.watchfire.com/files/babylon_cas_advisory.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 15 14:24:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 15 Nov 2010 23:24:09 +0100 Subject: [SEC] [SA42178] Ricoh Aficio Products Web Image Monitor Cross-Site Scripting Vulnerability Message-ID: <201011152224.oAFMO9uk030976@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ricoh Aficio Products Web Image Monitor Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42178 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42178/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42178 RELEASE DATE: 2010-11-15 DISCUSS ADVISORY: http://secunia.com/advisories/42178/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42178/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42178 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: The Light Cosine has reported a vulnerability in Ricoh Aficio products, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the URL to the Web Image monitor is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in Ricoh Aficio MP4000, Ricoh Aficio MP6000, and Ricoh Aficio MP8000 running Web Image monitor version 2.03. Other devices and versions may also be affected. SOLUTION: Filter malicious character sequences in a proxy. PROVIDED AND/OR DISCOVERED BY: The Light Cosine ORIGINAL ADVISORY: http://cosine-security.blogspot.com/2010/11/ricoh-web-image-monitor-203-reflected.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 15 14:45:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 15 Nov 2010 23:45:11 +0100 Subject: [SEC] [SA42275] Foswiki Topic Settings Privilege Escalation Security Issue Message-ID: <201011152245.oAFMjB86019562@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Foswiki Topic Settings Privilege Escalation Security Issue SECUNIA ADVISORY ID: SA42275 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42275/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42275 RELEASE DATE: 2010-11-15 DISCUSS ADVISORY: http://secunia.com/advisories/42275/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42275/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42275 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Foswiki, which can be exploited by malicious users to gain escalated privileges. The security issue is caused due to insufficient access restrictions in core/lib/Foswiki/UI/Manage.pm module when handling topic preference settings and can be exploited to gain administrative privileges by changing the "Main.AdminGroup" topic settings. The security issue is reported in version 1.1.0 and 1.1.1. SOLUTION: Update to version 1.1.2. PROVIDED AND/OR DISCOVERED BY: Reported to the vendor by a user. ORIGINAL ADVISORY: http://foswiki.org/Support/SecurityAlertCVE20104215 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 15 15:15:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 16 Nov 2010 00:15:01 +0100 Subject: [SEC] [SA42203] RealPlayer RealMedia Image Map Parsing Vulnerabilities Message-ID: <201011152315.oAFNF1UJ008554@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: RealPlayer RealMedia Image Map Parsing Vulnerabilities SECUNIA ADVISORY ID: SA42203 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42203/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42203 RELEASE DATE: 2010-11-15 DISCUSS ADVISORY: http://secunia.com/advisories/42203/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42203/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42203 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: c00k1e monster has discovered two vulnerabilities in RealPlayer, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to integer truncation errors when parsing image maps in RealMedia (.rm) files. This can be exploited to cause heap-based buffer overflows via a specially crafted file. Successful exploitation allows execution of arbitrary code. The vulnerabilities are confirmed in version 1.1.5 Build 12.0.0.879. Other versions may also be affected. SOLUTION: Upgrade to version 14.0.1.609, which is not affected. PROVIDED AND/OR DISCOVERED BY: c00k1e monster OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 15 15:47:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 16 Nov 2010 00:47:19 +0100 Subject: [SEC] [SA42205] OpenTTD Denial of Service Vulnerability Message-ID: <201011152347.oAFNlJ3q030156@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: OpenTTD Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42205 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42205/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42205 RELEASE DATE: 2010-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/42205/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42205/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42205 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in OpenTTD, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error, which can lead to the access of freed memory. The vulnerability is reported in version 1.0.0 through 1.0.4. Other versions may also be affected. SOLUTION: Reportedly, this will be fixed in the upcoming version 1.0.5. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.openwall.com/lists/oss-security/2010/11/14/5 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 15 16:12:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 16 Nov 2010 01:12:54 +0100 Subject: [SEC] [SA42207] Hitachi EUR Products Unspecified Code Execution Vulnerability Message-ID: <201011160012.oAG0Csve018944@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Hitachi EUR Products Unspecified Code Execution Vulnerability SECUNIA ADVISORY ID: SA42207 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42207/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42207 RELEASE DATE: 2010-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/42207/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42207/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42207 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in multiple Hitachi products, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error. No further information is currently available. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in the following products: * Hitachi EUR Form Client * Hitachi EUR Form Service * Hitachi uCosminexus EUR Form Service SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-027/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 15 16:47:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 16 Nov 2010 01:47:12 +0100 Subject: [SEC] [SA42251] OneOrZero AIMS "item_types" SQL Injection Vulnerability Message-ID: <201011160047.oAG0lC0o008143@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: OneOrZero AIMS "item_types" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42251 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42251/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42251 RELEASE DATE: 2010-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/42251/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42251/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42251 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Valentin Hoebel has discovered a vulnerability in OneOrZero AIMS, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the "item_types" parameter to index.php (when "controller" is set to "app_oneorzerohelpdesk_main", "subcontroller" is set to "search_management_manage", and "option" is set to "show_item_search") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 2.7.0 Trial Edition. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Valentin Hoebel ORIGINAL ADVISORY: Valentin Hoebel: http://www.xenuser.org/documents/security/OneOrZero_Aims_multiple_vulnerabilities.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 15 17:15:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 16 Nov 2010 02:15:02 +0100 Subject: [SEC] [SA42262] Joomla! JSupport Component Script Insertion and SQL Injection Vulnerabilities Message-ID: <201011160115.oAG1F20h029441@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Joomla! JSupport Component Script Insertion and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA42262 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42262/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42262 RELEASE DATE: 2010-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/42262/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42262/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42262 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Valentin Hoebel has reported some vulnerabilities in the JSupport component for Joomla!, which can be exploited by malicious users to conduct script insertion and SQL injection attacks. 1) Input passed via the "subject" parameter to index2.php (when "option" is set to "com_jsupport" and "task" is set to "saveTicket") is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 2) Input passed via the "alpha" parameter to administrator/index.php (when "option" is set to "com_jsupport" and "task" is set to "listTickets" or "listFaqs") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires "Public Back-end" permissions. The vulnerabilities are reported in version 1.5.6. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Valentin Hoebel ORIGINAL ADVISORY: Valentin Hoebel: http://www.xenuser.org/documents/security/Joomla_com_jsupport_XSS.txt http://www.xenuser.org/documents/security/Joomla_com_jsupport_SQLi.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 15 17:44:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 16 Nov 2010 02:44:46 +0100 Subject: [SEC] [SA42222] Fujitsu Interstage Products Information Disclosure Vulnerability Message-ID: <201011160144.oAG1ikmC018411@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fujitsu Interstage Products Information Disclosure Vulnerability SECUNIA ADVISORY ID: SA42222 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42222/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42222 RELEASE DATE: 2010-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/42222/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42222/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42222 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in multiple Fujitsu Interstage products, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an unspecified error and can be exploited to access arbitrary files and directories. No further information is currently available. Please see the vendor's advisory for a list of affected products and versions. SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.fujitsu.com/global/support/software/security/products-f/interstage-201005e.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 15 18:12:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 16 Nov 2010 03:12:21 +0100 Subject: [SEC] [SA42271] Fedora update for bugzilla Message-ID: <201011160212.oAG2CLZP007301@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for bugzilla SECUNIA ADVISORY ID: SA42271 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42271/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42271 RELEASE DATE: 2010-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/42271/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42271/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42271 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for bugzilla. This fixes multiple vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct HTTP response splitting and cross-site scripting attacks. For more information: SA42071 SOLUTION: Apply updated packages using the yum utility ("yum update bugzilla"). ORIGINAL ADVISORY: FEDORA-2010-17235: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html FEDORA-2010-17280: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 15 18:45:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 16 Nov 2010 03:45:19 +0100 Subject: [SEC] [SA42204] 6kbbs Multiple Vulnerabilities Message-ID: <201011160245.oAG2jJsd028816@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: 6kbbs Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42204 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42204/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42204 RELEASE DATE: 2010-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/42204/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42204/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42204 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in 6kbbs, which can be exploited by malicious users to conduct script insertion and SQL injection attacks. 1) Input passed via the "user[msn]", "user[email]", and "user[phone]" POST parameters to ajaxmember.php (when "action" is set to "modifyDetails") is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will execute in a user's browser session in context of an affected site. 2) Input passed via the "tids[]" POST parameter (when "postaction" POST parameter is set to e.g. "delPost") to ajaxadmin.php (when "action" is set to "dotopics") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires "Super Moderator" privileges. 3) Input passed via the "msgids[]" POST parameter to ajaxmember.php (when "action" is set to "deleteMsgs") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 8.0 build 20100901. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: k4shifz, Wolves Security Team ORIGINAL ADVISORY: http://bbs.wolvez.org/viewtopic.php?id=180 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 15 19:15:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 16 Nov 2010 04:15:21 +0100 Subject: [SEC] [SA42273] Fedora update for moodle Message-ID: <201011160315.oAG3FLV2018306@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for moodle SECUNIA ADVISORY ID: SA42273 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42273/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42273 RELEASE DATE: 2010-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/42273/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42273/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42273 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for moodle. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA41980 SOLUTION: Apply updated packages using the yum utility ("yum update moodle"). ORIGINAL ADVISORY: FEDORA-2010-16845: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050800.html FEDORA-2010-16782: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050803.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 15 19:45:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 16 Nov 2010 04:45:04 +0100 Subject: [SEC] [SA42265] WordPress Event Registration Plugin "event_id" SQL Injection Vulnerability Message-ID: <201011160345.oAG3j4xv007284@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WordPress Event Registration Plugin "event_id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42265 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42265/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42265 RELEASE DATE: 2010-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/42265/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42265/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42265 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Event Registration plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "event_id" parameter to an events page (when "regevent_action" is set to "register") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 5.32. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: k3m4n9i OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 15 20:09:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 16 Nov 2010 05:09:46 +0100 Subject: [SEC] [SA42230] LuCI Cross-Site Scripting Vulnerability Message-ID: <201011160409.oAG49k1e028438@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: LuCI Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42230 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42230/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42230 RELEASE DATE: 2010-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/42230/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42230/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42230 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in LuCI, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the URL is not properly sanitised before being returned to the user in e.g. modules/admin-core/luasrc/view/sysauth.htm. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in version 0.8.8. Other versions may also be affected. SOLUTION: Update to version 0.9.0. PROVIDED AND/OR DISCOVERED BY: Originally reported by dave b in OpenWRT. Additional information provided by Secunia Research. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 15 20:24:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 16 Nov 2010 05:24:18 +0100 Subject: [SEC] [SA42279] LuCI Cross-Site Request Forgery Vulnerability Message-ID: <201011160424.oAG4OIPI016726@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: LuCI Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA42279 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42279/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42279 RELEASE DATE: 2010-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/42279/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42279/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42279 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in LuCI, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the administrator's password by tricking a logged in administrator into visiting a malicious web site. The vulnerability is reported in version 0.9.0. Other versions may also be affected. SOLUTION: Do not browse untrusted sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: Originally reported by dave b in OpenWRT. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 16 10:30:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 16 Nov 2010 19:30:25 +0100 Subject: [SEC] [SA42243] OpenSSL TLS Server Extension Parsing Race Condition Vulnerability Message-ID: <201011161830.oAGIUPYI010090@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: OpenSSL TLS Server Extension Parsing Race Condition Vulnerability SECUNIA ADVISORY ID: SA42243 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42243/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42243 RELEASE DATE: 2010-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/42243/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42243/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42243 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in OpenSSL, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. The vulnerability is caused due to a race condition within the TLS extension parsing code, which can be exploited to cause a heap-based buffer overflow. Successful exploitation requires that the server is multi-threaded and uses the internal caching mechanism of OpenSSL. Multi-processed servers or servers with disabled internal caching session (e.g. Apache HTTP server, Stunnel) are not affected. The vulnerability is reported in versions 0.9.8f through 0.9.8o and versions 1.0.0 and 1.0.0a. SOLUTION: Update to version 0.9.8p and 1.0.0b or apply patches. PROVIDED AND/OR DISCOVERED BY: The vendor credits Rob Hulswit. ORIGINAL ADVISORY: http://www.openssl.org/news/secadv_20101116.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 16 11:30:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 16 Nov 2010 20:30:14 +0100 Subject: [SEC] [SA42252] SUSE update for Multiple Packages Message-ID: <201011161930.oAGJUEv5000347@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SUSE update for Multiple Packages SECUNIA ADVISORY ID: SA42252 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42252/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42252 RELEASE DATE: 2010-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/42252/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42252/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42252 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for multiple packages, which fixes multiple vulnerabilities. For more information: SA30134 SA38390 SA39454 SA39792 SA40906 SA41048 SA41960 SA41980 SA42082 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SR:2010:021: http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 16 12:30:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 16 Nov 2010 21:30:35 +0100 Subject: [SEC] [SA42268] BPowerHouse BPRealestate "rpPassword" SQL Injection Vulnerability Message-ID: <201011162030.oAGKUZos023160@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: BPowerHouse BPRealestate "rpPassword" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42268 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42268/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42268 RELEASE DATE: 2010-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/42268/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42268/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42268 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in BPowerHouse BPRealestate, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "rpPassword" parameter to admin/admin_checklogin.aspx is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. NOTE: This can further be exploited to bypass the authentication mechanism. The vulnerability is reported in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: v3n0m OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 16 13:30:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 16 Nov 2010 22:30:12 +0100 Subject: [SEC] [SA42280] VMware ESX / ESXi Server Update for Multiple Packages Message-ID: <201011162130.oAGLUCOA013481@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: VMware ESX / ESXi Server Update for Multiple Packages SECUNIA ADVISORY ID: SA42280 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42280/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42280 RELEASE DATE: 2010-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/42280/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42280/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42280 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: VMware has issued an update for VMware ESX / ESXi Server. This fixes some vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, cause a DoS, and potentially compromise a vulnerable system. For more information: SA34347 SA38080 SA39762 The vulnerabilities are reported in VMware ESX Server 4.1 and VMware ESXi 4.1. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: VMSA-2010-0016: http://lists.vmware.com/pipermail/security-announce/2010/000108.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 16 14:23:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 16 Nov 2010 23:23:30 +0100 Subject: [SEC] [SA42221] Nuked-Klan Boutique Module "catid" SQL Injection Vulnerability Message-ID: <201011162223.oAGMNUM6003497@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Nuked-Klan Boutique Module "catid" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42221 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42221/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42221 RELEASE DATE: 2010-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/42221/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42221/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42221 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Boutique module for Nuked-Klan, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "catid" parameter in index.php (if "file" is set to "Boutique" and "op" is set to "cat") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: [AR51]Kevinos ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15545/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 16 14:45:15 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 16 Nov 2010 23:45:15 +0100 Subject: [SEC] [SA42242] libsdp Insecure Temporary Files Security Issue Message-ID: <201011162245.oAGMjFGT024518@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: libsdp Insecure Temporary Files Security Issue SECUNIA ADVISORY ID: SA42242 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42242/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42242 RELEASE DATE: 2010-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/42242/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42242/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42242 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in libsdp, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the application creating temporary log files in an insecure manner when running as non-root user. This can be exploited to e.g. overwrite arbitrary files via hardlink and symlink attacks. SOLUTION: Update to version 1.1.105-0.4. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Red Hat credits Leif Nixon. ORIGINAL ADVISORY: Red Hat bug #647941: https://bugzilla.redhat.com/show_bug.cgi?id=647941 GIT commit: http://git.openfabrics.org/git?p=~amirv/libsdp.git;a=commit;h=c6efc06bf6123ad3a731b672bf90b33e630c7bf6 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 16 15:17:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 17 Nov 2010 00:17:34 +0100 Subject: [SEC] [SA42269] BPowerHouse BPConferenceReporting "passw" SQL Injection Vulnerability Message-ID: <201011162317.oAGNHYqm013704@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: BPowerHouse BPConferenceReporting "passw" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42269 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42269/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42269 RELEASE DATE: 2010-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/42269/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42269/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42269 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in BPowerHouse BPConferenceReporting, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "passw" parameter to checklogin.aspx is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. NOTE: This can further be exploited to bypass the authentication mechanism. The vulnerability is reported in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: v3n0m OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 16 15:47:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 17 Nov 2010 00:47:10 +0100 Subject: [SEC] [SA42240] VMware ESX Server Multiple Vulnerabilities Message-ID: <201011162347.oAGNlAnN002634@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: VMware ESX Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42240 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42240/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42240 RELEASE DATE: 2010-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/42240/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42240/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42240 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: VMware has acknowledged some vulnerabilities in VMware ESX Server, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and gain escalated privileges, and by malicious people to cause a DoS. For more information: SA38229 SA38354 SA38502 SA38594 1) A race condition within the "find_keyring_by_name()" function in security/keys/keyring.c can be exploited to access freed memory and e.g. cause a system panic. SOLUTION: Apply patches if available. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: VMSA-2010-0016: http://lists.vmware.com/pipermail/security-announce/2010/000108.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 16 16:13:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 17 Nov 2010 01:13:14 +0100 Subject: [SEC] [SA42208] Gentoo update for glibc Message-ID: <201011170013.oAH0DEET023884@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Gentoo update for glibc SECUNIA ADVISORY ID: SA42208 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42208/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42208 RELEASE DATE: 2010-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/42208/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42208/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42208 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for glibc. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and cause a DoS (Denial of Service) and by malicious people to potentially compromise a vulnerable system. 1) Integer overflows in the libc "strfmon()" function can be exploited to cause a crash or potentially execute arbitrary code via specially crafted format specifiers. 2) The mntent function family does not correctly handle newlines characters. This can be exploited to e.g. cause a DoS or gain escalated privileges, but requires that an attacker can inject newline characters into a mount entry (e.g. via vulnerable mount helpers). 3) A signedness error when processing certain ELF headers can be exploited to e.g. execute arbitrary code via a specially crafted ELF file. For more information: SA41795 SOLUTION: Update to version "sys-libs/glibc-2.11.2-r3" or later. ORIGINAL ADVISORY: GLSA 201011-01: http://www.gentoo.org/security/en/glsa/glsa-201011-01.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 16 16:47:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 17 Nov 2010 01:47:18 +0100 Subject: [SEC] [SA42281] OpenFabrics Enterprise Distribution (OFED) "libsdp" Security Issue Message-ID: <201011170047.oAH0lIB2013046@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: OpenFabrics Enterprise Distribution (OFED) "libsdp" Security Issue SECUNIA ADVISORY ID: SA42281 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42281/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42281 RELEASE DATE: 2010-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/42281/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42281/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42281 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in OpenFabrics Enterprise Distribution, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to an error within the libsdp library. For more information: SA42242 SOLUTION: Fixed in libsdp version 1.1.105-0.4. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 16 17:14:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 17 Nov 2010 02:14:20 +0100 Subject: [SEC] [SA42274] BPowerHouse BPDirectory "tbPassword" SQL Injection Vulnerability Message-ID: <201011170114.oAH1EKa9001836@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: BPowerHouse BPDirectory "tbPassword" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42274 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42274/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42274 RELEASE DATE: 2010-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/42274/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42274/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42274 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in BPowerHouse BPDirectory, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "tbPassword" parameter to AdminLogin.aspx is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. NOTE: This can further be exploited to bypass the authentication mechanism. The vulnerability is reported in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: v3n0m OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 16 17:44:57 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 17 Nov 2010 02:44:57 +0100 Subject: [SEC] [SA42277] BPowerHouse BPAffiliateTracking "txtpas" SQL Injection Vulnerability Message-ID: <201011170144.oAH1ivmC023301@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: BPowerHouse BPAffiliateTracking "txtpas" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42277 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42277/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42277 RELEASE DATE: 2010-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/42277/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42277/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42277 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in BPowerHouse BPAffiliateTracking, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "txtpas" parameter to adminlogin.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. NOTE: This can further be exploited to bypass the authentication mechanism. The vulnerability is reported in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: v3n0m OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 16 18:09:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 17 Nov 2010 03:09:51 +0100 Subject: [SEC] [SA42210] NolaPro Two SQL Injection Vulnerabilities Message-ID: <201011170209.oAH29pZD012039@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: NolaPro Two SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA42210 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42210/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42210 RELEASE DATE: 2010-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/42210/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42210/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42210 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in NolaPro, which can be exploited by malicious users to conduct SQL injection attacks. 1) Certain input passed to the "Company Add/Update" module is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Certain input passed to the "User Add/Update" module is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in versions 4.0.6355 and prior. SOLUTION: Update to version 4.0.6407. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://freshmeat.net/projects/nolapro/releases/324415 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 16 18:24:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 17 Nov 2010 03:24:12 +0100 Subject: [SEC] [SA42232] Joomla! Al-Furqan Component "surano" SQL Injection Vulnerability Message-ID: <201011170224.oAH2OCaZ032729@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Joomla! Al-Furqan Component "surano" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42232 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42232/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42232 RELEASE DATE: 2010-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/42232/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42232/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42232 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Al-Furqan component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "surano" parameter to index.php (when "option" is set to "com_alfurqan15x" and "action" is set to "viewayat") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 2.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: kaMtiEz OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 16 18:44:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 17 Nov 2010 03:44:59 +0100 Subject: [SEC] [SA42245] IBM WebSphere Portal "SemanticTagService.js" Cross-Site Scripting Vulnerability Message-ID: <201011170244.oAH2ixOB021283@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM WebSphere Portal "SemanticTagService.js" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42245 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42245/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42245 RELEASE DATE: 2010-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/42245/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42245/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42245 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM WebSphere Portal, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain input passed to an unspecified parameter in the SemanticTagService.js script is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in version 6.1.0.1. Other versions may also be affected. SOLUTION: Apply APAR PK91972. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (PK91972): http://www.ibm.com/support/docview.wss?uid=swg1PK91972 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 16 19:17:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 17 Nov 2010 04:17:24 +0100 Subject: [SEC] [SA42259] DServe Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201011170317.oAH3HOkl010866@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: DServe Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42259 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42259/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42259 RELEASE DATE: 2010-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/42259/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42259/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42259 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in DServe, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "dsqField" parameter to DServe.exe (when "dsqCmd" is set to "OverSort.tcl", "dsqDb" is set, and "dsqApp" is set to "Archive"), and via e.g. the "srch_AnyText" POST parameter to DServe.exe (when "dsqCmd" POST parameter is set to "SearchFormParser.tcl", "ResultAs" POST parameter is set to "Overview", and the "dsqDb" and "dsqApp" POST parameters are set, or "dsqCmd" POST parameter is set to "SearchBuild.tcl" and "dsqApp" POST parameter is set) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: Ryan Dewhurst ORIGINAL ADVISORY: Ryan Dewhurst: https://www.upsploit.com/index.php/advisories/view/UPS-2010-0018 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 16 19:44:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 17 Nov 2010 04:44:59 +0100 Subject: [SEC] [SA42238] HP LaserJet Printers PJL Directory Traversal Vulnerability Message-ID: <201011170344.oAH3ixQg032132@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP LaserJet Printers PJL Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA42238 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42238/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42238 RELEASE DATE: 2010-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/42238/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42238/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42238 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP LaserJet Printers, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an input validation error in the Printer Job Language (PJL) interface and can be exploited to access files via directory traversal specifiers. The vulnerability is reported in the following products: * HP LaserJet MFP printers (all models with Printer Job Language (PJL) support). * HP Color LaserJet MFP printers (all models with Printer Job Language (PJL) support). * HP LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 series. SOLUTION: Apply the workaround (please see the vendor's advisory for details). Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Moritz Jodeit, n.runs AG. ORIGINAL ADVISORY: HPSBPI02575 SSRT090255: https://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02004333 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 16 20:09:57 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 17 Nov 2010 05:09:57 +0100 Subject: [SEC] [SA42278] Apple Mac OS X Dovecot Memory Aliasing Security Issue Message-ID: <201011170409.oAH49vPp020886@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple Mac OS X Dovecot Memory Aliasing Security Issue SECUNIA ADVISORY ID: SA42278 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42278/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42278 RELEASE DATE: 2010-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/42278/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42278/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42278 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Mac OS X Server, which can be exploited by malicious users to gain knowledge of sensitive information. The problem is caused due to a memory aliasing issue in Dovecot when handling user names and may result in users receiving mails intended for other users. Successful exploitation requires that Dovecot is configured as a mail server. The vulnerability is reported in Mac OS X Server v10.6.5. SOLUTION: Apply Mac OS X Server v10.6.5 Updates. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://support.apple.com/kb/HT4452 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 16 20:24:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 17 Nov 2010 05:24:47 +0100 Subject: [SEC] [SA42250] IBM WebSphere Commerce Sample Store Pages Cross-Site Scripting Vulnerabilities Message-ID: <201011170424.oAH4Ol8F009182@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM WebSphere Commerce Sample Store Pages Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42250 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42250/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42250 RELEASE DATE: 2010-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/42250/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42250/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42250 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in IBM WebSphere Commerce, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input passed to sample store pages is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in versions prior to 7.0.0.1 running on AIX, Linux, Solaris, and Windows. SOLUTION: Update to version 7.0 Fix Pack 1 (7.0.0.1) or apply APAR JR35424. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: ISS X-Force: http://xforce.iss.net/xforce/xfdb/62952 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 16 20:45:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 17 Nov 2010 05:45:17 +0100 Subject: [SEC] [SA42236] Eclipse Help Server Two Cross-Site Scripting Vulnerabilities Message-ID: <201011170445.oAH4jHO6030142@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Eclipse Help Server Two Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42236 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42236/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42236 RELEASE DATE: 2010-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/42236/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42236/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42236 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Aung Khant has reported two vulnerabilities in Eclipse, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the URL to help/index.jsp and help/advanced/content.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of the bundled Help Server site. The vulnerabilities are reported in version 3.6.1. Other versions may also be affected. SOLUTION: Fixed in the SVN repository. PROVIDED AND/OR DISCOVERED BY: Aung Khant, YGN Ethical Hacker Group. ORIGINAL ADVISORY: YGN Ethical Hacker Group: http://yehg.net/lab/pr0js/advisories/eclipse/%5Beclipse_help_server%5D_cross_site_scripting Eclipse: http://dev.eclipse.org/viewcvs/index.cgi/org.eclipse.help.webapp/advanced/content.jsp?r1=1.33&r2=1.34 http://dev.eclipse.org/viewcvs/index.cgi/org.eclipse.help.webapp/basic/index.jsp?r1=1.17&r2=1.18 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 16 21:10:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 17 Nov 2010 06:10:34 +0100 Subject: [SEC] [SA42249] IBM WebSphere Commerce Organization Admin Console SQL Injection Vulnerability Message-ID: <201011170510.oAH5AYB7018900@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM WebSphere Commerce Organization Admin Console SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42249 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42249/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42249 RELEASE DATE: 2010-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/42249/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42249/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42249 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM WebSphere Commerce, which can be exploited by malicious users to conduct SQL injection attacks. Certain unspecified input passed to the Organization Admin Console is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in versions prior to 6.0.0.10 running on AIX, Linux, Solaris, and Windows. SOLUTION: Update to version 6.0 Fix Pack 10 (6.0.0.10) or apply APAR IZ73130. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: ISS X-Force: http://xforce.iss.net/xforce/xfdb/62951 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 17 10:31:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 17 Nov 2010 19:31:04 +0100 Subject: [SEC] [SA42288] Apache mod_fcgid Module "fcgid_header_bucket_read()" Security Issue Message-ID: <201011171831.oAHIV40j010207@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apache mod_fcgid Module "fcgid_header_bucket_read()" Security Issue SECUNIA ADVISORY ID: SA42288 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42288/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42288 RELEASE DATE: 2010-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/42288/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42288/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42288 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Apache mod_fcgid module, which can be exploited by malicious, local users to potentially gain escalated privileges. The problem is caused due to an error within the "fcgid_header_bucket_read()" function in fcgid_bucket.c, which can be exploited to cause a stack-based buffer overflow when receiving specially crafted FastCGI data. The security issue is reported in versions prior to version 2.3.6. SOLUTION: Update to version 2.3.6. PROVIDED AND/OR DISCOVERED BY: Edgar Frank ORIGINAL ADVISORY: https://issues.apache.org/bugzilla/show_bug.cgi?id=49406 http://mail-archives.apache.org/mod_mbox/httpd-announce/201011.mbox/%3CAANLkTi=pWJ2KYDKuSFJDmnKd_xnF+S+_SZFn0esR-BjN at mail.gmail.com%3E OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 17 11:30:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 17 Nov 2010 20:30:13 +0100 Subject: [SEC] [SA42257] openEngine Multiple Vulnerabilities Message-ID: <201011171930.oAHJUD4C000434@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: openEngine Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42257 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42257/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42257 RELEASE DATE: 2010-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/42257/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42257/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42257 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in openEngine, which can be exploited by malicious people to conduct cross-site scripting attacks an disclose sensitive information. 1) Input passed via the "template" parameter to cms/website.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "template" parameter to cms/website.php is not properly sanitised before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. The vulnerabilities are confirmed in version 2.0 100226. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: SecPod Research Team ORIGINAL ADVISORY: SecPod Research Team: http://secpod.org/advisories/SECPOD_Openengine_LFI_XSS_Vuln.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 17 12:29:45 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 17 Nov 2010 21:29:45 +0100 Subject: [SEC] [SA42299] Hitachi Products Collaboration Server Denial of Service Vulnerability Message-ID: <201011172029.oAHKTj1d023204@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Hitachi Products Collaboration Server Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42299 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42299/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42299 RELEASE DATE: 2010-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/42299/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42299/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42299 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in multiple Hitachi products, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error within the Collaboration File Sharing component. No further information is currently available. Successful exploitation requires WebDav to be enabled. Please see the vendor's advisory for the list of affected products. SOLUTION: Apply patches. Please see the vendor's advisory for more details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HS10-029: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-029/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 17 13:29:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 17 Nov 2010 22:29:32 +0100 Subject: [SEC] [SA42303] Hitachi Groupmax Client Products Unspecified Buffer Overflow Vulnerability Message-ID: <201011172129.oAHLTWBL013531@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Hitachi Groupmax Client Products Unspecified Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42303 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42303/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42303 RELEASE DATE: 2010-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/42303/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42303/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42303 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in multiple Hitachi Groupmax Client products, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a user's system. The vulnerability is caused due to an unspecified error when processing files and can be exploited to cause a buffer overflow. Successful exploitation may allow execution of arbitrary code. Please see the vendor's advisory for the list of affected products. SOLUTION: Apply patches. Please see the vendor's advisory for more details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HS10-028: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-028/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 17 14:23:45 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 17 Nov 2010 23:23:45 +0100 Subject: [SEC] [SA42301] SAP NetWeaver Denial of Service Vulnerability Message-ID: <201011172223.oAHMNjiY003594@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SAP NetWeaver Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42301 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42301/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42301 RELEASE DATE: 2010-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/42301/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42301/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42301 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Alexandr Polyakov has reported a vulnerability in SAP NetWeaver, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to missing access restrictions to the SAP Metamodel Repository performance test, which can be exploited to cause a high CPU load by repeatedly launching the performance test. SOLUTION: Update to the latest versions (see SAP Note 1484097 for more information). Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Alexandr Polyakov, Digital Security Research Group ORIGINAL ADVISORY: SAP (note 1484097): https://service.sap.com/sap/support/notes/1484097 Digital Security Research Group: http://dsecrg.com/pages/vul/show.php?id=206 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 17 14:45:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 17 Nov 2010 23:45:27 +0100 Subject: [SEC] [SA42260] ClanSphere Multiple Vulnerabilities Message-ID: <201011172245.oAHMjR11024633@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: ClanSphere Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42260 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42260/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42260 RELEASE DATE: 2010-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/42260/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42260/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42260 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered some vulnerabilities in ClanSphere, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and SQL injection attacks. 1) The application fails to correctly sanitise user supplied input via BBCode. This can be exploited to insert arbitrary HTML and script code, which will get executed in a user's browser session in context of an affected site when the malicious data is being viewed. 2) Input passed via the "pic" and "size" parameters to mods/gallery/print_now.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed via the "where" parameter to index.php (when "mod" is set to "replays" and "action" is set to "list") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 2010.0. Other versions may also be affected. SOLUTION: Update to version 2010.1. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: ClanSphere: http://www.csphere.eu/index/news/view/id/527 High-Tech Bridge SA: http://www.htbridge.ch/advisory/bbcode_xss_in_clansphere.html http://www.htbridge.ch/advisory/xss_in_clansphere.html http://www.htbridge.ch/advisory/sql_injection_in_clansphere.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 17 15:17:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 18 Nov 2010 00:17:13 +0100 Subject: [SEC] [SA42244] VLC Media Player Incorrect Calling Convention Stack Corruption Vulnerability Message-ID: <201011172317.oAHNHDm6013794@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: VLC Media Player Incorrect Calling Convention Stack Corruption Vulnerability SECUNIA ADVISORY ID: SA42244 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42244/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42244 RELEASE DATE: 2010-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/42244/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42244/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42244 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the use of an incorrect calling convention when invoking the "WNetAddConnection2A()" Windows API function, which can be exploited to cause a stack corruption by e.g. tricking a user into opening a specially crafted "smb://" URL or accessing a specially crafted website. Note: This only affects the Windows version. The vulnerability is reported in versions prior to 1.1.5. SOLUTION: Update to version 1.1.5. PROVIDED AND/OR DISCOVERED BY: shinnai ORIGINAL ADVISORY: VideoLAN-SA-1006: http://www.videolan.org/security/sa1006.html shinnai: http://shinnai.altervista.org/exploits/SH-008-20101026.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 17 15:47:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 18 Nov 2010 00:47:24 +0100 Subject: [SEC] [SA42297] SAP NetWeaver SQL Monitor Cross-Site Scripting Vulnerabilities Message-ID: <201011172347.oAHNlOfn002764@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SAP NetWeaver SQL Monitor Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42297 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42297/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42297 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42297/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42297/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42297 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Alexandr Polyakov and Alexey Troshichev have reported some vulnerabilities in SAP NetWeaver, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed via the "connid" parameter to the OpenSQLMonitors/servlet/ConnectionMonitorServlet script is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in an administrator's browser session in context of an affected site. 2) Input passed via the "reqTableColumns" parameter to the OpenSQLMonitors/servlet/CatalogBufferMonitorServlet script is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in an administrator's browser session in context of an affected site. The vulnerabilities are reported in SAP NetWeaver administrator panel from ECC 6.0. Other versions may also be affected. SOLUTION: Update to the latest versions (see SAP Note 1391770 for more information). Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Alexandr Polyakov and Alexey Troshichev, Digital Security Research Group ORIGINAL ADVISORY: SAP (note 1391770): https://service.sap.com/sap/support/notes/1391770 Digital Security Research Group: http://dsecrg.com/pages/vul/show.php?id=156 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 17 16:12:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 18 Nov 2010 01:12:17 +0100 Subject: [SEC] [SA42081] The Bug Genie Cross-Site Scripting and Request Forgery Vulnerabilities Message-ID: <201011180012.oAI0CHx2023944@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: The Bug Genie Cross-Site Scripting and Request Forgery Vulnerabilities SECUNIA ADVISORY ID: SA42081 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42081/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42081 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42081/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42081/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42081 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Russ McRee has discovered some vulnerabilities in The Bug Genie, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks. 1) Input passed via the "scope" parameter to e.g. index.php, modules/search/search.php, or modules/search/search_stripped.php is not properly sanitised in include/classes/BUGSscope.class.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change a user's password or delete a user by tricking a logged in administrative user into visiting a malicious web site. The vulnerabilities are confirmed in version 2.1.1. Other versions may also be affected. SOLUTION: Update to version 2.1.2. PROVIDED AND/OR DISCOVERED BY: Russ McRee via Secunia. ORIGINAL ADVISORY: The Bug Genie: http://www.thebuggenie.com/b2/modules/publish/articles.php?article_id=82 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 17 16:46:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 18 Nov 2010 01:46:21 +0100 Subject: [SEC] [SA42247] MySQL Administrator / Query Browser Credentials Disclosure Security Issue Message-ID: <201011180046.oAI0kLiY013110@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: MySQL Administrator / Query Browser Credentials Disclosure Security Issue SECUNIA ADVISORY ID: SA42247 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42247/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42247 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42247/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42247/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42247 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been discovered in MySQL Administrator / Query Browser, which can be exploited by malicious, local users to gain access to sensitive information. The security issue is caused due to the GUI Tools using the MySQL username and password as command line arguments when invoking "MySQL Text Console" via the "Tools" menu. This can be exploited to disclose the database credentials via e.g. the "ps" command. The vulnerability is confirmed in version 1.2.12. Other versions may also be affected. SOLUTION: Do not invoke "MySQL Text Console" from the "Tools" menu. PROVIDED AND/OR DISCOVERED BY: Reported by Martin Drescher. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 17 17:12:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 18 Nov 2010 02:12:23 +0100 Subject: [SEC] [SA42209] vBulletin Profile Customization Script Insertion Vulnerability Message-ID: <201011180112.oAI1CNmX001880@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: vBulletin Profile Customization Script Insertion Vulnerability SECUNIA ADVISORY ID: SA42209 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42209/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42209 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42209/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42209/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42209 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: MaXe has reported a vulnerability in vBulletin, which can be exploited by malicious users to conduct script insertion attacks. Certain input passed via the profile customization page is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires that profile customization is enabled. The vulnerability is reported in version 4.0.8. SOLUTION: Update to version 4.0.8 PL1. PROVIDED AND/OR DISCOVERED BY: MaXe, InterN0T ORIGINAL ADVISORY: vBulletin: http://www.vbulletin.com/forum/showthread.php?367021-vBulletin-4.0.8-PL1-Released http://www.vbulletin.com/forum/showthread.php?366834-vbulletin-4-profile-customization-exploit InterN0T: http://forum.intern0t.net/intern0t-advisories/3349-vbulletin-4-0-8-persistent-cross-site-scripting-via-profile-customization.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 17 17:45:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 18 Nov 2010 02:45:14 +0100 Subject: [SEC] [SA42261] Serv-U SSH Server Empty Password Login Security Bypass Message-ID: <201011180145.oAI1jE7v023439@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Serv-U SSH Server Empty Password Login Security Bypass SECUNIA ADVISORY ID: SA42261 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42261/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42261 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42261/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42261/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42261 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been discovered in Serv-U, which can be exploited by malicious people to bypass certain security restrictions. The problem is caused due to the SSH server allowing logins to user accounts with empty passwords when password-based authentication is disabled. The security issue is confirmed in version 10.2.0.2 and reported in versions prior to 10.3.0.1. SOLUTION: Update to version 10.3.0.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.serv-u.com/releasenotes/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 17 18:10:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 18 Nov 2010 03:10:18 +0100 Subject: [SEC] [SA42294] Red Hat update for pidgin Message-ID: <201011180210.oAI2AIOl012203@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for pidgin SECUNIA ADVISORY ID: SA42294 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42294/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42294 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42294/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42294/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42294 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for pidgin. This fixes multiple weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA41893 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0890-1: https://rhn.redhat.com/errata/RHSA-2010-0890.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 17 18:23:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 18 Nov 2010 03:23:51 +0100 Subject: [SEC] [SA42291] Red Hat update for openswan Message-ID: <201011180223.oAI2Npnw000383@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for openswan SECUNIA ADVISORY ID: SA42291 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42291/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42291 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42291/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42291/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42291 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for openswan. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA41689 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0892-1: https://rhn.redhat.com/errata/RHSA-2010-0892.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 17 18:45:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 18 Nov 2010 03:45:12 +0100 Subject: [SEC] [SA42295] Red Hat update for freetype Message-ID: <201011180245.oAI2jC5j021436@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for freetype SECUNIA ADVISORY ID: SA42295 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42295/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42295 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42295/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42295/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42295 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for freetype. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. For more information see vulnerability #1 in: SA41738 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0889-1: https://rhn.redhat.com/errata/RHSA-2010-0889.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 17 19:14:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 18 Nov 2010 04:14:11 +0100 Subject: [SEC] [SA42289] Fedora update for freetype Message-ID: <201011180314.oAI3EBHc010901@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for freetype SECUNIA ADVISORY ID: SA42289 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42289/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42289 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42289/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42289/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42289 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for freetype. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. For more information see vulnerability #1 in: SA41738 SOLUTION: Apply updated packages via the yum utility ("yum update freetype"). ORIGINAL ADVISORY: FEDORA-2010-17742: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050965.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 17 19:44:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 18 Nov 2010 04:44:11 +0100 Subject: [SEC] [SA42287] Fedora update for cups Message-ID: <201011180344.oAI3iBau032279@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for cups SECUNIA ADVISORY ID: SA42287 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42287/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42287 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42287/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42287/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42287 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for cups. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a vulnerable system. For more information: SA41706 SOLUTION: Apply updated packages via the yum utility ("yum update cups"). ORIGINAL ADVISORY: FEDORA-2010-17641: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050977.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 17 20:08:55 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 18 Nov 2010 05:08:55 +0100 Subject: [SEC] [SA42296] Red Hat update for openssl Message-ID: <201011180408.oAI48tkV021023@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for openssl SECUNIA ADVISORY ID: SA42296 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42296/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42296 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42296/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42296/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42296 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA42243 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0888-1: https://rhn.redhat.com/errata/RHSA-2010-0888.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 17 20:23:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 18 Nov 2010 05:23:00 +0100 Subject: [SEC] [SA42253] IBM WebSphere MQ FDC Processing Denial of Service Vulnerability Message-ID: <201011180423.oAI4MxNb009290@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM WebSphere MQ FDC Processing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42253 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42253/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42253 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42253/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42253/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42253 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM WebSphere MQ, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to a loop when processing a FDC with the RM680004 Probe Id value and can be exploited to consume all disk resources. The vulnerability is reported in versions prior to 7.0.1.5. SOLUTION: Apply APAR IC71123 or Fix Pack 7.0.1.5 when it becomes available. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: ISS X-Force: http://xforce.iss.net/xforce/xfdb/63147 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 17 20:43:45 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 18 Nov 2010 05:43:45 +0100 Subject: [SEC] [SA42302] Fedora update for mod_fcgid Message-ID: <201011180443.oAI4hjic030270@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for mod_fcgid SECUNIA ADVISORY ID: SA42302 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42302/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42302 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42302/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42302/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42302 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for mod_fcgid. This fixes a security issue, which can be exploited by malicious, local users to potentially gain escalated privileges. For more information: SA42288 SOLUTION: Apply updated packages via the yum utility ("yum update mod_fcgid"). ORIGINAL ADVISORY: FEDORA-2010-17474: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050930.html FEDORA-2010-17434: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050932.html FEDORA-2010-17472: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050976.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 17 21:09:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 18 Nov 2010 06:09:18 +0100 Subject: [SEC] [SA42270] WonderCMS "page" Cross-Site Scripting and File Disclosure Vulnerabilities Message-ID: <201011180509.oAI59Ii1019052@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WonderCMS "page" Cross-Site Scripting and File Disclosure Vulnerabilities SECUNIA ADVISORY ID: SA42270 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42270/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42270 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42270/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42270/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42270 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Russ McRee has discovered some vulnerabilities in WonderCMS, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information. 1) Input passed via the "page" parameter to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "page" parameter to index.php is not properly verified before being used to read files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. The vulnerabilities are confirmed in version 0.3. Other versions may also be affected. SOLUTION: Update to version 0.3.1. PROVIDED AND/OR DISCOVERED BY: Russ McRee via Secunia. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 17 21:22:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 18 Nov 2010 06:22:42 +0100 Subject: [SEC] [SA42255] GNOME Shell LD_LIBRARY_PATH Security Issue Message-ID: <201011180522.oAI5MgtJ007284@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: GNOME Shell LD_LIBRARY_PATH Security Issue SECUNIA ADVISORY ID: SA42255 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42255/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42255 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42255/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42255/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42255 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in GNOME Shell, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to the gnome-shell script incorrectly setting the environment variable LD_LIBRARY_PATH. This can be exploited to gain escalated privileges e.g. by tricking a user into running the script in a directory containing a malicious library. SOLUTION: Fixed in the GIT repository. PROVIDED AND/OR DISCOVERED BY: Red Hat credits Ludwig Nussel. ORIGINAL ADVISORY: GNOME bug #631004: https://bugzilla.gnome.org/show_bug.cgi?id=631004 GIT commit: http://git.gnome.org/browse/gnome-shell/commit/?id=c6eb2761c719af47248badb2187866ffaff6e671 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 17 21:43:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 18 Nov 2010 06:43:35 +0100 Subject: [SEC] [SA42300] SAP NetWeaver SOAP Request Denial of Service Vulnerability Message-ID: <201011180543.oAI5hZDG028268@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SAP NetWeaver SOAP Request Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42300 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42300/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42300 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42300/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42300/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42300 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Alexey Sintsov has reported a vulnerability in SAP NetWeaver, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing certain SOAP requests, which can be exploited to cause a stack overflow by e.g. sending SOAP requests containing a huge amount of nested tags. SOLUTION: Update to the latest versions (see SAP Note 1469549 for more information). Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Alexey Sintsov, Digital Security Research Group ORIGINAL ADVISORY: SAP (note 1469549): https://service.sap.com/sap/support/notes/1469549 Digital Security Research Group http://dsecrg.com/pages/vul/show.php?id=205 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 17 21:55:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 18 Nov 2010 06:55:51 +0100 Subject: [SEC] [SA42304] vtiger CRM "default_user_name" Cross-Site Scripting Vulnerability Message-ID: <201011180555.oAI5tpWn016435@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: vtiger CRM "default_user_name" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42304 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42304/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42304 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42304/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42304/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42304 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in vtiger CRM, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "default_user_name" parameter to index.php (when "module" is set to "Users" and "action" is set to "Login") is not properly sanitised in modules/Users/Login.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 5.2.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Giovanni "evilaliv3" Pellerano and Alessandro "jekil" Tanasi ORIGINAL ADVISORY: Giovanni Pellerano and Alessandro Tanasi: http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 17 22:09:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 18 Nov 2010 07:09:18 +0100 Subject: [SEC] [SA42283] IceBB "gmt" SQL Injection Vulnerability and Information Disclosure Weakness Message-ID: <201011180609.oAI69IBE004667@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IceBB "gmt" SQL Injection Vulnerability and Information Disclosure Weakness SECUNIA ADVISORY ID: SA42283 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42283/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42283 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42283/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42283/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42283 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and a vulnerability have been discovered in iceBB, which can be exploited by malicious people to disclose potentially sensitive information and conduct SQL injection attacks. 1) Input passed via e.g. the "s" parameter to index.php (when "act" is set to "login" and "func" is set to "captcha"), via the "icebb_login_key" cookie parameter to index.php (when "icebb_user" and "icebb_pass" cookie parameters are set) and via the "s" parameter to admin/index.php is not properly sanitised before being used in SQL queries. This can be exploited to e.g. disclose the database tables' prefix. 2) Input passed via the "gmt" POST parameter to index.php (when "func" POST parameter is set to "Register") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. The vulnerabilities are confirmed in version 1.0-rc10. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22686: http://www.htbridge.ch/advisory/information_disclosure_in_icebb.html HTB22687: http://www.htbridge.ch/advisory/information_disclosure_in_icebb_1.html HTB22688: http://www.htbridge.ch/advisory/sql_injection_in_icebb.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 18 10:31:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 18 Nov 2010 19:31:10 +0100 Subject: [SEC] [SA42229] Camtron CMNC-200 Multiple Vulnerabilities Message-ID: <201011181831.oAIIVAt1019711@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Camtron CMNC-200 Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42229 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42229/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42229 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42229/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42229/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42229 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Wendel G. Henrique has reported a security issue and some vulnerabilities in Camtron CMNC-200, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system. 1) Input passed via the URL to the device's web server is not properly verified before being used to read files. This can be exploited to read arbitrary files via directory traversal attacks. 2) The device does not properly restrict access to the administrative web interface. This can be exploited to bypass the authentication mechanism by e.g. appending a second forward slash ("/") after the hostname. 3) Undocumented, hardcoded user accounts can be exploited to e.g. gain access to the device via the telnet interface. 4) The device does not properly handle multiple parallel requests to the internal web server, which can be exploited to cause a reboot. 5) The device includes a vulnerable ActiveX control, which can be exploited to compromise a user's system. For more information: SA42311 The vulnerabilities are reported in version V1.102A-008 / Board ID 66. Other versions may also be affected. SOLUTION: Restrict and filter network access via a firewall. PROVIDED AND/OR DISCOVERED BY: Wendel G. Henrique, Trustwave's SpiderLabs ORIGINAL ADVISORY: https://www.trustwave.com/spiderlabs/advisories/TWSL2010-006.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 18 11:30:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 18 Nov 2010 20:30:03 +0100 Subject: [SEC] [SA42256] SystemTap Denial of Service and Privilege Escalation Vulnerabilities Message-ID: <201011181930.oAIJU3k9009998@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SystemTap Denial of Service and Privilege Escalation Vulnerabilities SECUNIA ADVISORY ID: SA42256 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42256/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42256 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42256/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42256/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42256 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in SystemTap, which can be exploited by malicious, local users to gain escalated privileges and cause a DoS (Denial of Service). 1) An improper environment sanitation in the "/usr/bin/staprun" setuid program when loading kernel modules can be exploited to escalate privileges. 2) An error in the "/usr/bin/staprun" setuid program when unloading kernel modules can be exploited to unload arbitrary unused modules and potentially cause a DoS. The vulnerabilities are reported in version 1.3. Other versions may also be affected. SOLUTION: Fixed in the GIT repository. PROVIDED AND/OR DISCOVERED BY: The vendor credits Tavis Ormandy. ORIGINAL ADVISORY: http://sources.redhat.com/ml/systemtap/2010-q4/msg00230.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 18 12:30:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 18 Nov 2010 21:30:14 +0100 Subject: [SEC] [SA42241] Ubuntu update for openssl Message-ID: <201011182030.oAIKUEk2032736@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for openssl SECUNIA ADVISORY ID: SA42241 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42241/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42241 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42241/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42241/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42241 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA42243 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1018-1: http://www.ubuntu.com/usn/usn-1018-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 18 13:30:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 18 Nov 2010 22:30:39 +0100 Subject: [SEC] [SA42248] Cisco Unified Videoconferencing Products Multiple Vulnerabilities Message-ID: <201011182130.oAILUd0E023102@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco Unified Videoconferencing Products Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42248 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42248/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42248 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42248/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42248/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42248 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple weaknesses and vulnerabilities have been reported in Cisco Unified Videoconferencing, which can be exploited by malicious, local users to disclose sensitive information and gain escalated privileges, by malicious users to compromise a vulnerable system, and by malicious people to hijack another user's session, disclose sensitive information, and potentially compromise a vulnerable system. 1) Multiple hard-coded accounts exist ("root", "cs", and "develop") that cannot be disabled, which can be exploited to potentially gain access to the device via e.g. brute force attacks. 2) Input passed via the "username" parameter to goform/websXMLAdminRequestCgi.cgi is not properly sanitised before being used as a command line argument, which can be exploited to inject arbitrary shell commands with the privileges of the root user. Successful exploitation requires administrative credentials. 3) A weakness due to using a reversible hashing scheme for passwords in the configuration file /opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val can be exploited to gain access to the password of the administrator and operator accounts. 4) A weakness is caused due to the shadow password file being world readable. 5) A vulnerability is caused due to the creation of session IDs based on a time counter, which can be exploited to hijack another user's session by e.g. using a brute force attack to iterate over all possible time values from last system boot time. 6) A weakness due to credentials being stored in a cookie in Base64 encoded or clear text can be exploited to gain access to the device by e.g. sniffing network traffic or a Man-in-the-Middle (MitM) attack. NOTE: Additionally, some configuration issues exists in the FTP, Web, and OpenSSH servers. The weaknesses and vulnerabilities are reported in the following products: * Cisco Unified Videoconferencing 5110 * Cisco Unified Videoconferencing 5115 * Cisco Unified Videoconferencing 5230 * Cisco Unified Videoconferencing 3545 * Cisco Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway * Cisco Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway * Cisco Unified Videoconferencing 3515 Multipoint Control Unit (MCU) SOLUTION: Currently, no fix is available (please see the vendor's advisory for a potential workaround). PROVIDED AND/OR DISCOVERED BY: Florent Daigniere, Matta Consulting. ORIGINAL ADVISORY: Matta (MATTA-2010-001): http://www.trustmatta.com/advisories/MATTA-2010-001.txt Cisco: http://www.cisco.com/warp/public/707/cisco-sr-20101117-cuvc.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 18 14:24:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 18 Nov 2010 23:24:04 +0100 Subject: [SEC] [SA42311] TVSLiveControl ActiveX Control "connect()" Buffer Overflow Vulnerability Message-ID: <201011182224.oAIMO4lT013146@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: TVSLiveControl ActiveX Control "connect()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42311 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42311/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42311 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42311/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42311/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42311 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Wendel G. Henrique has reported a vulnerability in the TVSLiveControl ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the TVSLiveControl ActiveX control when handling the "connect()" method. This can be exploited to cause a stack-based buffer overflow via a specially crafted "pAddress" argument Successful exploitation allows execution of arbitrary code. The vulnerability is reported in version 1.6.50.33. Other versions may also be affected. SOLUTION: Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: Wendel G. Henrique, Trustwave's SpiderLabs ORIGINAL ADVISORY: https://www.trustwave.com/spiderlabs/advisories/TWSL2010-006.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 18 14:45:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 18 Nov 2010 23:45:08 +0100 Subject: [SEC] [SA42263] Red Hat update for systemtap Message-ID: <201011182245.oAIMj8GR001680@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for systemtap SECUNIA ADVISORY ID: SA42263 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42263/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42263 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42263/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42263/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42263 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for systemtap. This fixes two vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and cause a DoS (Denial of Service). For more information: SA42256 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0894-1: https://rhn.redhat.com/errata/RHSA-2010-0894.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 18 15:18:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 19 Nov 2010 00:18:14 +0100 Subject: [SEC] [SA42306] Red Hat update for systemtap Message-ID: <201011182318.oAINIEN4023368@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for systemtap SECUNIA ADVISORY ID: SA42306 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42306/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42306 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42306/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42306/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42306 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for systemtap. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. For more information see vulnerability #1 in: SA42256 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0895-1: http://rhn.redhat.com/errata/RHSA-2010-0895.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 18 15:47:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 19 Nov 2010 00:47:10 +0100 Subject: [SEC] [SA42228] Drupal Relevant Content Module Information Disclosure Security Issue Message-ID: <201011182347.oAINlANS012305@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Drupal Relevant Content Module Information Disclosure Security Issue SECUNIA ADVISORY ID: SA42228 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42228/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42228 RELEASE DATE: 2010-11-19 DISCUSS ADVISORY: http://secunia.com/advisories/42228/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42228/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42228 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in the Relevant Content module for Drupal, which can be exploited by malicious people to disclose potentially sensitive information. The security issue is caused due to an error in the module's implementation of node access logic. This can be exploited to e.g. disclose node titles and relationships when accessing a node. The security issue is reported in versions prior to 5.x-1.4 and 6.x-1.5. SOLUTION: Update to version 5.x-1.4 or later or version 6.x-1.5 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits Szymon Nitka. ORIGINAL ADVISORY: SA-CONTRIB-2010-104: http://drupal.org/node/975094 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 18 16:12:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 19 Nov 2010 01:12:32 +0100 Subject: [SEC] [SA42286] WonderCMS "password" Information Disclosure Message-ID: <201011190012.oAJ0CW3H001049@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WonderCMS "password" Information Disclosure SECUNIA ADVISORY ID: SA42286 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42286/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42286 RELEASE DATE: 2010-11-19 DISCUSS ADVISORY: http://secunia.com/advisories/42286/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42286/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42286 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been discovered in WonderCMS, which can be exploited by malicious people to disclose sensitive information. The security issue is caused due to the application storing user credentials in the "password" file under the "files" directory with insecure permissions. This can be exploited to disclose the base64 encoded password by requesting the file directly. The security issue is confirmed in version 0.3.1. Prior versions may also be affected. SOLUTION: Update to version 0.3.2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 18 16:46:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 19 Nov 2010 01:46:51 +0100 Subject: [SEC] [SA42284] Joomla! Maian Media Silver "cat" SQL Injection Vulnerability Message-ID: <201011190046.oAJ0kpex022682@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Joomla! Maian Media Silver "cat" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42284 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42284/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42284 RELEASE DATE: 2010-11-19 DISCUSS ADVISORY: http://secunia.com/advisories/42284/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42284/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42284 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Maian Media Silver component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "cat" parameter to index.php (when "option" is set to "com_maianmedia" and "view" is set to "music") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: An update has been made available by the vendor. PROVIDED AND/OR DISCOVERED BY: v3n0m ORIGINAL ADVISORY: Are Times: http://www.aretimes.com/index.php?option=com_content&view=category&layout=blog&id=40&Itemid=113 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 18 17:15:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 19 Nov 2010 02:15:31 +0100 Subject: [SEC] [SA42310] Red Hat update for thunderbird Message-ID: <201011190115.oAJ1FVcv011627@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for thunderbird SECUNIA ADVISORY ID: SA42310 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42310/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42310 RELEASE DATE: 2010-11-19 DISCUSS ADVISORY: http://secunia.com/advisories/42310/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42310/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42310 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to bypass certain security restrictions and compromise a user's system. For more information: SA41244 SA41975 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0896-1: https://rhn.redhat.com/errata/RHSA-2010-0896.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 18 17:45:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 19 Nov 2010 02:45:50 +0100 Subject: [SEC] [SA42246] vtiger CRM Multiple Vulnerabilities Message-ID: <201011190145.oAJ1jotd000574@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: vtiger CRM Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42246 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42246/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42246 RELEASE DATE: 2010-11-19 DISCUSS ADVISORY: http://secunia.com/advisories/42246/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42246/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42246 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in vtiger CRM, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks and disclose sensitive information. 1) An error exists in the file upload functionality due to the emails module not properly checking file names and extensions. This can be exploited to upload and execute arbitrary PHP code e.g. via ".phtml" files. 2) Input passed e.g. via the "lang_crm" parameter to phprint.php or the "current_language" parameter to graph.php is not properly verified in the "return_application_language()" function in include/utils/utils.php before being used to include files. This can be exploited to include arbitrary file from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 3) Input passed via the "user_name" and "user_password" parameters to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 4) Input passed via the "label" parameter to index.php (when "module" is set to "Settings" and "action" is set to "GetFieldInfo") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 5.2.0. Other versions may also be affected. SOLUTION: Update to version 5.2.1. PROVIDED AND/OR DISCOVERED BY: Giovanni "evilaliv3" Pellerano and Alessandro "jekil" Tanasi ORIGINAL ADVISORY: vtiger CRM: http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes Giovanni Pellerano and Alessandro Tanasi: http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 18 18:10:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 19 Nov 2010 03:10:11 +0100 Subject: [SEC] [SA42258] CompactCMS "id" SQL Injection Vulnerability Message-ID: <201011190210.oAJ2ABEk021762@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: CompactCMS "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42258 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42258/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42258 RELEASE DATE: 2010-11-19 DISCUSS ADVISORY: http://secunia.com/advisories/42258/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42258/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42258 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in CompactCMS, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to index.php (when the "page" parameter is set to a "News module" value) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.4.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22697: http://www.htbridge.ch/advisory/sql_injection_in_compactcms.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 19 10:30:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 19 Nov 2010 19:30:19 +0100 Subject: [SEC] [SA42293] PGP Desktop Message Verification Vulnerability Message-ID: <201011191830.oAJIUJLv021696@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: PGP Desktop Message Verification Vulnerability SECUNIA ADVISORY ID: SA42293 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42293/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42293 RELEASE DATE: 2010-11-19 DISCUSS ADVISORY: http://secunia.com/advisories/42293/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42293/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42293 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in PGP Desktop, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the verification of OpenPGP messages. This can be exploited to e.g. intercept and manipulate signed OpenPGP messages, which will be displayed as fully valid when the recipient right-clicks to decrypt and verify a .pgp file. The vulnerability is reported in PGP Desktop for Windows and OS X in version 10.0.3 and prior and 10.1.0 (please see the vendor's advisory for details). SOLUTION: Update to version 10.0.3SP2 or 10.1.0 SP1. PROVIDED AND/OR DISCOVERED BY: Eric Verheul, Digital Security group, Radbound University Nijmengen ORIGINAL ADVISORY: PGP: https://pgp.custhelp.com/app/answers/detail/a_id/2290 SYM10-012: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101118_00 Eric Verheul: http://www.cs.ru.nl/E.Verheul/papers/Govcert/Pretty%20Good%20Piggybagging%20v1.0.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 19 11:29:57 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 19 Nov 2010 20:29:57 +0100 Subject: [SEC] [SA42307] PGP Desktop Message Verification Vulnerability Message-ID: <201011191929.oAJJTvqC012014@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: PGP Desktop Message Verification Vulnerability SECUNIA ADVISORY ID: SA42307 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42307/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42307 RELEASE DATE: 2010-11-19 DISCUSS ADVISORY: http://secunia.com/advisories/42307/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42307/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42307 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in PGP Desktop, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA42293 The vulnerability is reported in version 9.8.3. SOLUTION: The vendor recommends users of PGP Desktop for Windows to open files for decryption and verification directly with PGP Desktop (please see the vendor's advisory for details). Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Eric Verheul, Digital Security group, Radbound University Nijmengen ORIGINAL ADVISORY: PGP: https://pgp.custhelp.com/app/answers/detail/a_id/2290 SYM10-012: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101118_00 Eric Verheul: http://www.cs.ru.nl/E.Verheul/papers/Govcert/Pretty%20Good%20Piggybagging%20v1.0.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 19 12:30:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 19 Nov 2010 21:30:19 +0100 Subject: [SEC] [SA42264] Apple Safari Multiple Vulnerabilities Message-ID: <201011192030.oAJKUJvQ002344@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple Safari Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42264 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42264/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42264 RELEASE DATE: 2010-11-19 DISCUSS ADVISORY: http://secunia.com/advisories/42264/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42264/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42264 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities and weaknesses have been reported in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a user's system. 1) An integer overflow error in the handling of strings can be exploited to corrupt memory and potentially execute arbitrary code. 2) A weakness in the random number generator for JavaScript applications can be exploited to e.g. track users. 3) Multiple vulnerabilities in WebKit can be exploited by malicious people to compromise a user's system. For more information: SA41328 4) An integer underflow error in the handling of WebSockets can be exploited to corrupt memory and potentially execute arbitrary code. 5) An unspecified error in the handling of images created from "canvas" elements can be exploited to conduct cross-origin image thefts. This is related to vulnerability #12 in: SA41242 6) An invalid cast in the handling of editing commands can potentially be exploited to execute arbitrary code. 7) An invalid cast in the handling of inline styling can potentially be exploited to execute arbitrary code. 8) An error within the handling of the History object can be exploited to spoof the address in the location bar or add arbitrary locations to the history. 9) A use-after-free error in the handling of element attributes can be exploited to corrupt memory and potentially execute arbitrary code. 10) An integer overflow error in the handling of Text objects can be exploited to corrupt memory and potentially execute arbitrary code. 11) A weakness is caused due to WebKit performing DNS prefetching for HTML Link elements even when it is disabled. 12) Multiple use-after-free errors in the handling of plugins can be exploited to corrupt memory and potentially execute arbitrary code. This is related to vulnerability #5 in: SA41014 13) A use-after-free error in the handling of element focus can be exploited to corrupt memory and potentially execute arbitrary code. This is related to vulnerability #10 in: SA41242 14) A use-after-free error in the handling of scrollbars can be exploited to corrupt memory and potentially execute arbitrary code. 15) An invalid cast in the handling of CSS 3D transforms can potentially be exploited to execute arbitrary code. 16) A use-after-free error in the handling of inline text boxes can be exploited to corrupt memory and potentially execute arbitrary code. 17) An invalid cast in the handling of CSS boxes can potentially be exploited to execute arbitrary code. 18) An unspecified error in the handling of editable elements can be exploited to trigger an access of uninitialised memory and potentially execute arbitrary code. 19) An unspecified error in the handling of the ':first-letter' pseudo-element in cascading stylesheets can be exploited to corrupt memory and potentially execute arbitrary code. 20) An uninitialised pointer error in the handling of CSS counter styles can potentially be exploited to execute arbitrary code. 21) A use-after-free error in the handling of Geolocation objects can be exploited to corrupt memory and potentially execute arbitrary code. 22) A use-after-free error in the handling of "use" elements in SVG documents can be exploited to corrupt memory and potentially execute arbitrary code. 23) An invalid cast in the handling of SVG elements in non-SVG documents can potentially be exploited to execute arbitrary code. This is related to vulnerability #2 in: SA41443 24) An invalid cast in the handling of colors in SVG documents can potentially be exploited to execute arbitrary code. SOLUTION: Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later, Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11). PROVIDED AND/OR DISCOVERED BY: 2) Amit Klein, Trusteer The vendor credits: 1, 10) J23 3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of University of Szeged, and also thabermann and chipplyman 4) Keith Campbell, and Cris Neckar, Google Chrome Security Team 5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability Research (MSVR) 6, 22, 23) wushi, team509 7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security Team 8) Mike Taylor, Opera Software 9) Michal Zalewski 11) Jeff Johnson, Rogue Amoeba Software 13) Vupen 14) Rohit Makasana, Google Inc. 20, 21) kuzzcc ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4455 Trusteer: http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 19 13:30:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 19 Nov 2010 22:30:24 +0100 Subject: [SEC] [SA42298] Novell iPrint Client nipplib.dll "IppGetDriverSettings2()" Buffer Overflow Message-ID: <201011192130.oAJLUOUq025128@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Novell iPrint Client nipplib.dll "IppGetDriverSettings2()" Buffer Overflow SECUNIA ADVISORY ID: SA42298 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42298/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42298 RELEASE DATE: 2010-11-19 DISCUSS ADVISORY: http://secunia.com/advisories/42298/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42298/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42298 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the "IppGetDriverSettings2()" function in nipplib.dll when processing the "GetDriverSettings()" method provided by the ienipp.ocx ActiveX control. This can be exploited to cause a stack-based buffer overflow via an overly long "printerUri" argument. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 5.52. Other versions may also be affected. SOLUTION: Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: An anonymous person via ZDI. Additional details provided by Secunia Research. ORIGINAL ADVISORY: ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-256/ Novell: http://www.novell.com/support/viewContent.do?externalId=7007234 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 19 14:23:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 19 Nov 2010 23:23:31 +0100 Subject: [SEC] [SA42266] Fujitsu Interstage Products IP Address Restriction Bypass Security Issue Message-ID: <201011192223.oAJMNVOu015174@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fujitsu Interstage Products IP Address Restriction Bypass Security Issue SECUNIA ADVISORY ID: SA42266 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42266/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42266 RELEASE DATE: 2010-11-19 DISCUSS ADVISORY: http://secunia.com/advisories/42266/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42266/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42266 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in multiple Fujitsu Interstage products, which can be exploited by malicious people to bypass certain security restrictions. The security issue exists when access is restricted by an IP address and can be exploited to bypass this restriction and gain access to potentially sensitive information. Please see the vendor's advisory for a list of affected products and versions. SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.fujitsu.com/global/support/software/security/products-f/interstage-201006e.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 19 14:44:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 19 Nov 2010 23:44:42 +0100 Subject: [SEC] [SA42318] Fedora update for systemtap Message-ID: <201011192244.oAJMigHJ003759@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for systemtap SECUNIA ADVISORY ID: SA42318 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42318/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42318 RELEASE DATE: 2010-11-19 DISCUSS ADVISORY: http://secunia.com/advisories/42318/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42318/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42318 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for systemtap. This fixes two vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and cause a DoS (Denial of Service). For more information: SA42256 SOLUTION: Apply updated packages via the yum utility ("yum update systemtap"). ORIGINAL ADVISORY: FEDORA-2010-17865: https://admin.fedoraproject.org/updates/systemtap-1.3-3.fc14 FEDORA-2010-17868: https://admin.fedoraproject.org/updates/systemtap-1.3-3.fc12 FEDORA-2010-17873: https://admin.fedoraproject.org/updates/systemtap-1.3-3.fc13 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 19 15:17:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 20 Nov 2010 00:17:24 +0100 Subject: [SEC] [SA42290] Wireshark Two Vulnerabilities Message-ID: <201011192317.oAJNHO8Z025389@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Wireshark Two Vulnerabilities SECUNIA ADVISORY ID: SA42290 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42290/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42290 RELEASE DATE: 2010-11-19 DISCUSS ADVISORY: http://secunia.com/advisories/42290/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42290/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42290 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) A boundary error in "dissect_ldss_transfer()" in epan/dissectors/packet-ldss.c can be exploited to cause a heap-based buffer overflow. This vulnerability is reported in versions 1.2.0 to 1.2.12 and 1.4.0 to 1.4.1. 2) An error in the ZigBee ZCL Discover Attribute Response dissector can be exploited to cause an infinite loop. This vulnerability is reported in version 1.4.0 to 1.4.1. SOLUTION: Update to version 1.4.2 or 1.2.13. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Nephi Johnson, BreakingPoint 2) Reported by the vendor. ORIGINAL ADVISORY: http://www.wireshark.org/security/wnpa-sec-2010-13.html http://www.wireshark.org/security/wnpa-sec-2010-14.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 19 15:46:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 20 Nov 2010 00:46:58 +0100 Subject: [SEC] [SA42292] Joomla! Mosets Tree Component Cross-Site Request Forgery Vulnerability Message-ID: <201011192346.oAJNkw9e014371@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Joomla! Mosets Tree Component Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA42292 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42292/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42292 RELEASE DATE: 2010-11-20 DISCUSS ADVISORY: http://secunia.com/advisories/42292/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42292/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42292 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Mosets Tree component for Joomla!, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without making proper validity checks to verify the requests. This can be exploited to e.g. change the template by tricking a privileged user into visiting a malicious web site while being logged-in to the application. The vulnerability is reported in version 2.1.6. Prior versions may also be affected. SOLUTION: Update to version 2.1.7. PROVIDED AND/OR DISCOVERED BY: jdc ORIGINAL ADVISORY: Mosets Tree: http://forum.mosets.com/showthread.php?t=16820 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 22 10:30:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 22 Nov 2010 19:30:58 +0100 Subject: [SEC] [SA42233] Phire CMS Multiple Vulnerabilities Message-ID: <201011221830.oAMIUwYL020546@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Phire CMS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42233 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42233/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42233 RELEASE DATE: 2010-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/42233/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42233/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42233 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in Phire CMS which can be exploited by malicious users to conduct SQL injection attacks and malicious people to conduct cross-site scripting attacks. 1) Input passed via the "username" and "password" POST parameters to phire/login.php and via the "email" POST parameter to phire/forgot.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "page_title", "site_id", "sect_id", "user_id", "published", and "access" POST parameters to phire/content/pages.php, via the "site_id" and "page_url" POST parameters to phire/core/process/add.page.php, via the "site_id" and "section_url" POST parameters to phire/core/process/add.section.php, via the "site_id" and "template_name" POST parameters to phire/core/process/add.template.php, via the "site_id" and "section_url" POST parameters to phire/core/process/edit.section.php, via the "template_name" POST parameter to phire/core/process/edit.template.php, via the "rm_sects[]" POST parameter to phire/core/process/remove.sections.php, via the "rm_users[]" POST parameter to phire/core/process/remove.users.php, and via the "page_url" POST parameter to phire/core/process/edit.page.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of vulnerability #2 requires that "magic_quotes_gpc" is disabled. The vulnerabilities are confirmed in version 1.0. Prior versions may also be affected. SOLUTION: Update to version 1.0.1. PROVIDED AND/OR DISCOVERED BY: Russ McRee, reported via Secunia ORIGINAL ADVISORY: Phire CMS: http://phirecms.org/CHANGELOG.TXT OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 22 11:30:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 22 Nov 2010 20:30:00 +0100 Subject: [SEC] [SA42343] phpBB Flash BBCode Script Insertion Vulnerability Message-ID: <201011221930.oAMJU064010888@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: phpBB Flash BBCode Script Insertion Vulnerability SECUNIA ADVISORY ID: SA42343 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42343/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42343 RELEASE DATE: 2010-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/42343/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42343/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42343 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in phpBB, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "[flash=]" BBCode parameter when creating a post is not properly sanitised before being used in includes/message_parser.php. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerability is reported in versions prior to 3.0.8. SOLUTION: Update to version 3.0.8. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.phpbb.com/support/documents.php?mode=changelog&version=3#v307-PL1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 22 12:30:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 22 Nov 2010 21:30:11 +0100 Subject: [SEC] [SA42276] ViArt Shop Multiple Vulnerabilities Message-ID: <201011222030.oAMKUBNR001199@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: ViArt Shop Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42276 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42276/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42276 RELEASE DATE: 2010-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/42276/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42276/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42276 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in ViArt Shop, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed via the "search_category_id" and "category_id" parameters to ads.php, via the "category_id" parameter to article.php and articles.php, via the "rp" parameter to basket.php, and via the "postal_code" parameter to shipping_calculator.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "filter" parameter to products.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in version 4.0.5. Other versions may also be affected. SOLUTION: Apply vendor supplied patches. PROVIDED AND/OR DISCOVERED BY: Ariko-Security ORIGINAL ADVISORY: ViArt: http://www.viart.com/update_logic_to_increase_site_security_and_fix_xss-compatibility_issues.html Ariko-Security: http://advisories.ariko-security.com/november/audyt_bezpieczenstwa_746.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 22 13:30:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 22 Nov 2010 22:30:25 +0100 Subject: [SEC] [SA42338] Fedora update for libtlen Message-ID: <201011222130.oAMLUPLx024036@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for libtlen SECUNIA ADVISORY ID: SA42338 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42338/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42338 RELEASE DATE: 2010-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/42338/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42338/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42338 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for libtlen. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA36425 SOLUTION: Apply update packages using the yum utility ("yum update libtlen"). ORIGINAL ADVISORY: FEDORA-2010-17762: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051228.html FEDORA-2010-17732: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051247.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 22 14:24:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 22 Nov 2010 23:24:11 +0100 Subject: [SEC] [SA42341] Fedora update for mingw32-OpenSceneGraph Message-ID: <201011222224.oAMMOBiD014128@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for mingw32-OpenSceneGraph SECUNIA ADVISORY ID: SA42341 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42341/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42341 RELEASE DATE: 2010-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/42341/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42341/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42341 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for mingw32-OpenSceneGraph. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library. For more information: SA38185 SOLUTION: Apply updated packages via the yum utility ("yum update mingw32-OpenSceneGraph"). ORIGINAL ADVISORY: FEDORA-2010-17621: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051198.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 22 14:44:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 22 Nov 2010 23:44:59 +0100 Subject: [SEC] [SA42348] mono-debugger LD_LIBRARY_PATH Security Issues Message-ID: <201011222244.oAMMixBQ002714@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: mono-debugger LD_LIBRARY_PATH Security Issues SECUNIA ADVISORY ID: SA42348 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42348/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42348 RELEASE DATE: 2010-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/42348/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42348/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42348 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two security issues have been reported in mono-debugger, which can be exploited by malicious, local users to gain escalated privileges. The security issues are caused due to the mdb and mdb-symbolreader scripts incorrectly setting the environment variable LD_LIBRARY_PATH. This can be exploited to gain escalated privileges e.g. by tricking a user into running the scripts in a directory containing a malicious library. SOLUTION: Update to version 2.8.1. PROVIDED AND/OR DISCOVERED BY: Raphael Geissert ORIGINAL ADVISORY: Mono Project: http://www.mono-project.com/Vulnerabilities#mono-debugger_Insecure_Use_of_LD_LIBRARY_PATH Debian Bug #598299: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598299 Novell Bug #647353: https://bugzilla.novell.com/show_bug.cgi?id=647353 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 22 15:17:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 23 Nov 2010 00:17:40 +0100 Subject: [SEC] [SA42366] DotNetNuke Logging Provider Information Disclosure Weakness Message-ID: <201011222317.oAMNHebR024374@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: DotNetNuke Logging Provider Information Disclosure Weakness SECUNIA ADVISORY ID: SA42366 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42366/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42366 RELEASE DATE: 2010-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/42366/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42366/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42366 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in DotNetNuke, which may lead to exposure of sensitive information. The weakness is caused due to the logging provider not being available while handling exceptions if a database becomes unavailable. This can lead to the exposure of certain sensitive information e.g. the database name or the user name. The weakness is reported in versions prior to 5.6.0. SOLUTION: Update to version 5.6.0. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno44/tabid/2035/Default.aspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 22 15:47:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 23 Nov 2010 00:47:34 +0100 Subject: [SEC] [SA42336] Fedora update for openssl Message-ID: <201011222347.oAMNlYha013376@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for openssl SECUNIA ADVISORY ID: SA42336 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42336/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42336 RELEASE DATE: 2010-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/42336/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42336/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42336 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA42243 SOLUTION: Apply updated packages using the yum utility ("yum update openssl"). ORIGINAL ADVISORY: FEDORA-2010-17826: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051255.html FEDORA-2010-17847: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051237.html FEDORA-2010-17827: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051170.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 22 16:13:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 23 Nov 2010 01:13:04 +0100 Subject: [SEC] [SA42309] Slackware update for openssl Message-ID: <201011230013.oAN0D4os002152@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Slackware update for openssl SECUNIA ADVISORY ID: SA42309 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42309/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42309 RELEASE DATE: 2010-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/42309/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42309/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42309 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Slackware has issued an update for openssl. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA40906 SA42243 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SSA:2010-326-01: http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668793 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 22 16:47:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 23 Nov 2010 01:47:23 +0100 Subject: [SEC] [SA42323] S-Cms "id" SQL Injection Vulnerability Message-ID: <201011230047.oAN0lNqB023804@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: S-Cms "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42323 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42323/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42323 RELEASE DATE: 2010-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/42323/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42323/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42323 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in S-Cms, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to viewforum.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. NOTE: This can further be exploited to conduct cross-site scripting attacks via SQL error messages. The vulnerability is confirmed in version 2.5. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: LordTittiS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 22 17:15:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 23 Nov 2010 02:15:00 +0100 Subject: [SEC] [SA42324] Joomla! Jimtawl Component "task" Local File Inclusion Vulnerability Message-ID: <201011230115.oAN1F0cQ012724@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Joomla! Jimtawl Component "task" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA42324 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42324/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42324 RELEASE DATE: 2010-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/42324/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42324/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42324 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Jimtawl component for Joomla!, which can be exploited by malicious people to disclose sensitive information. Input passed via the "task" parameter to index.php (when "option" is set to "com_jimtawl" and "Itemid" is set) is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. The vulnerability is confirmed in version 1.0.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Mask_magicianz OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 22 17:45:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 23 Nov 2010 02:45:13 +0100 Subject: [SEC] [SA42282] ViArt Shop Cross-Site Scripting Vulnerabilities Message-ID: <201011230145.oAN1jDvc001689@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: ViArt Shop Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42282 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42282/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42282 RELEASE DATE: 2010-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/42282/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42282/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42282 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in ViArt Shop, which can be exploited by malicious people to conduct cross-site scripting attacks and SQL injection attacks. 1) Input passed via the "s_fds", "s_tit", and "s_cod" parameters to search.php and via the "s_sds" parameter to ads_search.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 4.0.5 Free edition. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Ariko-Security ORIGINAL ADVISORY: Ariko-Security: http://advisories.ariko-security.com/november/audyt_bezpieczenstwa_746.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 22 18:10:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 23 Nov 2010 03:10:34 +0100 Subject: [SEC] [SA42357] Slackware update for xpdf Message-ID: <201011230210.oAN2AYvn022946@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Slackware update for xpdf SECUNIA ADVISORY ID: SA42357 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42357/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42357 RELEASE DATE: 2010-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/42357/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42357/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42357 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Slackware has issued an update for xpdf. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system. For more information: SA41596 SA41709 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SSA:2010-324-01: http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 22 18:24:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 23 Nov 2010 03:24:31 +0100 Subject: [SEC] [SA42074] NibbleBlog Cross-Site Request Forgery Vulnerability Message-ID: <201011230224.oAN2OVuP011240@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: NibbleBlog Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA42074 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42074/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42074 RELEASE DATE: 2010-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/42074/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42074/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42074 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Russ McRee has discovered a vulnerability in NibbleBlog, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. add a new post or delete comments by tricking the logged in administrator into visiting a malicious web site. The vulnerability is confirmed in version 2.0. Other versions may also be affected. SOLUTION: Do not browse untrusted websites or follow untrusted links while logged in to the application. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Russ McRee via Secunia. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 22 18:45:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 23 Nov 2010 03:45:07 +0100 Subject: [SEC] [SA42330] CommodityRentals DVD Rentals Script "cat_id" SQL Injection Vulnerability Message-ID: <201011230245.oAN2j75W032232@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: CommodityRentals DVD Rentals Script "cat_id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42330 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42330/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42330 RELEASE DATE: 2010-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/42330/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42330/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42330 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in CommodityRentals DVD Rentals Script, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "cat_id" parameter to index.php (when "view" is set to "catalog" and "item_type" is set to "M") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: JaMbA OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 22 19:14:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 23 Nov 2010 04:14:49 +0100 Subject: [SEC] [SA42340] Fedora update for suricata Message-ID: <201011230314.oAN3EnpM021720@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for suricata SECUNIA ADVISORY ID: SA42340 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42340/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42340 RELEASE DATE: 2010-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/42340/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42340/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42340 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for suricata. This fixes some security issues, which can be exploited by malicious people to bypass certain security features. For more information: SA42158 SOLUTION: Apply updated packages via the yum utility ("yum update suricata"). ORIGINAL ADVISORY: FEDORA-2010-17650: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051220.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 22 19:44:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 23 Nov 2010 04:44:12 +0100 Subject: [SEC] [SA42371] Native Instruments Kontakt Player Insecure Library Loading Vulnerability Message-ID: <201011230344.oAN3iCpq010705@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Native Instruments Kontakt Player Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA42371 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42371/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42371 RELEASE DATE: 2010-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/42371/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42371/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42371 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gjoko Krstic has discovered a vulnerability in Native Instruments Kontakt Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. libjack.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a NKM, NKP, NKI, or NKB file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 4.1.3.4125. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Gjoko Krstic ORIGINAL ADVISORY: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4976.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 22 20:09:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 23 Nov 2010 05:09:04 +0100 Subject: [SEC] [SA42331] Plogger Cross-Site Request Forgery Vulnerability Message-ID: <201011230409.oAN4941K031894@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Plogger Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA42331 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42331/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42331 RELEASE DATE: 2010-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/42331/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42331/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42331 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Plogger, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without properly verifying the requests. This can be exploited to e.g. change the administrator's user name and password by tricking an administrator into visiting a malicious web site while being logged-in to the application. The vulnerability is confirmed in version 1.0-RC1. Other versions may also be affected. SOLUTION: Do not browse untrusted web sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: Or4nG.M4N OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 22 20:22:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 23 Nov 2010 05:22:58 +0100 Subject: [SEC] [SA42327] Native Instruments Reaktor 5 Player Insecure Library Loading Vulnerability Message-ID: <201011230422.oAN4MwQ6020160@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Native Instruments Reaktor 5 Player Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA42327 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42327/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42327 RELEASE DATE: 2010-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/42327/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42327/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42327 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gjoko Krstic has discovered a vulnerability in Native Instruments Reaktor 5 Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. libjack.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening certain files (.ens, .ism, .map, .mdl, .ntf, .rcc, .rcm, .rkplr, and .ssf) located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 5.5.1. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Gjoko Krstic ORIGINAL ADVISORY: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4974.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 22 20:43:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 23 Nov 2010 05:43:54 +0100 Subject: [SEC] [SA42339] Fedora update for gif2png Message-ID: <201011230443.oAN4hsVU008780@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for gif2png SECUNIA ADVISORY ID: SA42339 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42339/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42339 RELEASE DATE: 2010-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/42339/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42339/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42339 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for gif2png. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused due to a boundary error when processing overly long command line arguments. This can be exploited to e.g. cause a stack-based buffer overflow by passing specially crafted filenames to the application. SOLUTION: Apply updated packages using the yum utility ("yum update gif2png"). PROVIDED AND/OR DISCOVERED BY: Reported in a Debian bug by Patroklos Argyroudis. ORIGINAL ADVISORY: FEDORA-2010-0358: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html Debian Bug #550978: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 23 10:30:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 23 Nov 2010 19:30:06 +0100 Subject: [SEC] [SA42334] jSchool Advanced "id_gallery" SQL Injection Vulnerability Message-ID: <201011231830.oANIU6Bk001209@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: jSchool Advanced "id_gallery" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42334 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42334/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42334 RELEASE DATE: 2010-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/42334/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42334/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42334 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in jSchool Advanced, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id_gallery" parameter to index.php (when "action" is set to "gallery.list") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: Don Tukulesto OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 23 11:31:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 23 Nov 2010 20:31:39 +0100 Subject: [SEC] [SA42179] TinyWebGallery Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201011231931.oANJVdcM024086@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: TinyWebGallery Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42179 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42179/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42179 RELEASE DATE: 2010-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/42179/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42179/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42179 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Russ McRee has discovered some vulnerabilities in TinyWebGallery, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed via the "lang", "order", and "srt" parameters to admin/index.php, the "twg_rot" and "twg_top10" parameters to index.php, the "twg_tag_dir" and "twg_tag_image" parameters to i_frames/i_tags.php, and the "twg_name" parameter to i_frames/i_kommentar.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via arbitrary parameters to e.g. index.php, i_frames/i_info.php, i_frames/i_kommentar.php, i_frames/i_login.php, i_frames/i_optionen.php, i_frames/i_privatelogin.php, i_frames/i_rate.php, i_frames/i_search.php, i_frames/i_slideshowjquery.php, i_frames/i_tags.php, i_frames/i_titel.php, and i_frames/i_top_tags.php is not properly sanitised in inc/mysession.inc.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 1.8.2. Other versions may also be affected. SOLUTION: Update to version 1.8.3. PROVIDED AND/OR DISCOVERED BY: Russ McRee via Secunia. ORIGINAL ADVISORY: TinyWebGallery: http://www.tinywebgallery.com/blog/2010/11/twg-1-8-3-is-available/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 23 12:30:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 23 Nov 2010 21:30:39 +0100 Subject: [SEC] [SA42312] Apple iOS Multiple Vulnerabilities Message-ID: <201011232030.oANKUdp5014404@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple iOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42312 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42312/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42312 RELEASE DATE: 2010-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/42312/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42312/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42312 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people bypass certain security restrictions, conduct spoofing attacks, disclose sensitive information, cause a DoS (Denial of Service), or to compromise a user's system. 1) An error in the signature validation when handling configuration profiles can result in a specially crafted, malicious configuration profile appearing to have a valid signature. 2) Multiple vulnerabilities in FreeType can be exploited by malicious people to potentially compromise an application using the library. For more information: SA34723 SA40586 SA40816 SA41738 3) An error in iAd Content Display in the handling of certain URL schemes can be exploited to initiate a call without user interaction. Successful exploitation of this vulnerability requires manipulation of a response for a requested ad. 4) Two vulnerabilities in libpng can be exploited by malicious people to potentially compromise an application using the library. For more information: SA40302 5) An error in libxml can be exploited to potentially compromise an application using the library. For more information: SA42175 6) An weakness in Mail can be exploited to trigger DNS prefetching even if remote image loading is disabled. 7) A vulnerability in Networking can be exploited to cause system shutdown. For more information: SA42151 8) An invalid pointer reference error in Networking when handling packet filter rules can be exploited to gain system privileges. 9) An error in the Photos application can be exploited to disclose the MobileMe account password. Successful exploitation requires the attacker to manipulate a response of the MobileMe Gallery requesting basic authentication. 10) A weakness is caused due to the "Reset Safari" feature taking up to 30 seconds to clear the website passwords from memory. 11) A boundary error in the handling of Temporary Mobile Subscriber Identity (TMSI) fields in GSM mobility management can be exploited to cause a heap-based buffer overflow and execute arbitrary code on the baseband processor. 12) Multiple vulnerabilities in WebKit can be exploited by malicious people to compromise a user's system. For more information: SA40664 SA41085 SA42264 13) A design error within WebKit in the handling of the CSS ":visited" pseudo-class can be exploited to determine which sites a user has visited. SOLUTION: Update to iOS 4.2 (downloadable and installable via iTunes). PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Barry Simpson, Bomgar Corporation 3, 9) Aaron Sigel, vtty.com 5) Bui Quang Minh, Bkis 6) Mike Cardwell, Cardwell IT Ltd. 10) Philippe Couturier, izypage.com and Andrew Wellington, The Australian National University 11) Ralf-Philipp Weinmann, University of Luxembourg ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4456 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 23 13:30:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 23 Nov 2010 22:30:48 +0100 Subject: [SEC] [SA42337] Apache Tomcat Manager "sort" and "orderBy" Cross-Site Scripting Vulnerabilities Message-ID: <201011232130.oANLUmUe004742@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apache Tomcat Manager "sort" and "orderBy" Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42337 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42337/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42337 RELEASE DATE: 2010-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/42337/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42337/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42337 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "sort" and "orderBy" parameters to manager/html/sessions is not properly sanitised in sessionsList.jsp before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation in Apache Tomcat 7.x requires that the "CSRF" filter for the Manager application is disabled. The vulnerabilities are reported in versions 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4. SOLUTION: Fixed in the SVN repository. PROVIDED AND/OR DISCOVERED BY: The vendor credits Adam Muntner, Gotham Digital Science. ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0285.html http://tomcat.apache.org/security-7.html http://tomcat.apache.org/security-6.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 23 14:24:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 23 Nov 2010 23:24:18 +0100 Subject: [SEC] [SA42352] Debian update for openssl Message-ID: <201011232224.oANMOIi0027230@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Debian update for openssl SECUNIA ADVISORY ID: SA42352 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42352/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42352 RELEASE DATE: 2010-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/42352/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42352/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42352 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA42243 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2125-1: http://lists.debian.org/debian-security-announce/2010/msg00176.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 23 14:44:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 23 Nov 2010 23:44:59 +0100 Subject: [SEC] [SA42329] Native Instruments Massive Sound File Processing Memory Corruption Message-ID: <201011232244.oANMixu4015810@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Native Instruments Massive Sound File Processing Memory Corruption SECUNIA ADVISORY ID: SA42329 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42329/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42329 RELEASE DATE: 2010-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/42329/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42329/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42329 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gjoko Krstic has discovered a vulnerability in Native Instruments Massive, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error when processing NI Kore Sound Files and can be exploited to corrupt heap-based memory via a specially crafted KSD file. Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious file. The vulnerability is confirmed in version 1.1.4 R1901. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Gjoko Krstic ORIGINAL ADVISORY: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4980.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 23 15:17:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 24 Nov 2010 00:17:11 +0100 Subject: [SEC] [SA42350] Fedora update for clamav Message-ID: <201011232317.oANNHBIX005001@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for clamav SECUNIA ADVISORY ID: SA42350 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42350/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42350 RELEASE DATE: 2010-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/42350/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42350/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42350 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. For more information: SA41503 SOLUTION: Apply updated packages using the yum utility ("yum update clamav"). ORIGINAL ADVISORY: FEDORA-2010-17439: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 23 15:47:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 24 Nov 2010 00:47:06 +0100 Subject: [SEC] [SA42317] Apple TV Multiple Vulnerabilities Message-ID: <201011232347.oANNl6nx026404@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple TV Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42317 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42317/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42317 RELEASE DATE: 2010-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/42317/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42317/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42317 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Apple has acknowledged multiple vulnerabilities in Apple TV, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable device. The vulnerabilities exist in the bundled versions of FreeType and libpng libraries. For more information: SA34723 SA40302 SA40586 SA40816 SOLUTION: Update to Apple TV Software version 4.1. ORIGINAL ADVISORY: http://support.apple.com/kb/HT4457 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 23 16:13:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 24 Nov 2010 01:13:46 +0100 Subject: [SEC] [SA42355] Horde Products vCard Script Insertion Vulnerability Message-ID: <201011240013.oAO0DkmW015270@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Horde Products vCard Script Insertion Vulnerability SECUNIA ADVISORY ID: SA42355 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42355/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42355 RELEASE DATE: 2010-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/42355/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42355/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42355 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in various Horde products, which can be exploited by malicious people to conduct script insertion attacks. Certain unspecified input is not properly sanitised before being displayed to the user while viewing a vCard. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious vCard is being viewed. The vulnerability is reported in the following products and versions: * Horde Application Framework versions prior to 3.3.11. * Horde Groupware versions prior to 1.2.9. * Horde Groupware Webmail Edition versions prior to 1.2.9. SOLUTION: Update to a patched version. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://bugs.horde.org/ticket/9357 http://lists.horde.org/archives/announce/2010/000574.html http://lists.horde.org/archives/announce/2010/000575.html http://lists.horde.org/archives/announce/2010/000576.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 23 16:47:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 24 Nov 2010 01:47:28 +0100 Subject: [SEC] [SA42314] Apple iOS Multiple Vulnerabilities Message-ID: <201011240047.oAO0lStE004416@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple iOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42314 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42314/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42314 RELEASE DATE: 2010-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/42314/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42314/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42314 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose sensitive information, bypass certain security restrictions, or to compromise a user's system. For more information: SA40257 SA41328 SA42151 SA42312 SOLUTION: Upgrade to iOS 4.2 (downloadable and installable via iTunes). ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4456 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 23 17:14:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 24 Nov 2010 02:14:37 +0100 Subject: [SEC] [SA42345] Fedora update for dhcp Message-ID: <201011240114.oAO1Eb1V025715@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for dhcp SECUNIA ADVISORY ID: SA42345 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42345/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42345 RELEASE DATE: 2010-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/42345/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42345/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42345 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for dhcp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA42082 SOLUTION: Apply updated packages using the yum utility ("yum update dhcp"). ORIGINAL ADVISORY: FEDORA-2010-17303: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051287.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 23 17:45:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 24 Nov 2010 02:45:50 +0100 Subject: [SEC] [SA42139] webApp.secure "Content-Length" Denial of Service Vulnerability Message-ID: <201011240145.oAO1joOi014769@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: webApp.secure "Content-Length" Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42139 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42139/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42139 RELEASE DATE: 2010-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/42139/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42139/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42139 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Aleksandar Nikolic has discovered a vulnerability in webApp.secure, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a NULL pointer dereference error when handling errors and can be exploited to cause the process to crash via e.g. a large HTTP "Content-Length" header value. The vulnerability is confirmed in version 4.0.1 Standard Edition. Other versions may also be affected. SOLUTION: Upgrade to version 5.0.0. PROVIDED AND/OR DISCOVERED BY: Aleksandar Nikolic, reported via Secunia. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 24 10:30:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 24 Nov 2010 19:30:31 +0100 Subject: [SEC] [SA42354] Linux Kernel Socket Denial of Service Vulnerability Message-ID: <201011241830.oAOIUVXt015803@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Linux Kernel Socket Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42354 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42354/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42354 RELEASE DATE: 2010-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/42354/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42354/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42354 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Vegard Nossum has reported a vulnerability in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to a design error when handling Unix sockets, which can be exploited to cause an out of memory condition via a specially crafted application. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Vegard Nossum ORIGINAL ADVISORY: http://permalink.gmane.org/gmane.linux.kernel/1067149 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 24 11:30:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 24 Nov 2010 20:30:22 +0100 Subject: [SEC] [SA42368] HP-UX update for Tomcat Servlet Engine Message-ID: <201011241930.oAOJUMAI006164@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP-UX update for Tomcat Servlet Engine SECUNIA ADVISORY ID: SA42368 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42368/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42368 RELEASE DATE: 2010-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/42368/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42368/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42368 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: HP has issued an update for Tomcat Servlet Engine in HP-UX. This fixes some vulnerabilities, which can be exploited by malicious users to disclose sensitive information or manipulate certain data and by malicious people to disclose certain system information and cause a DoS (Denial of Service). For more information: SA35326 SA39574 SOLUTION: Install revision B.5.5.30.01 or subsequent from the HP-UX Web Server Suite version 3.13. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: HPSBUX02579 SSRT100203: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02515878 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 24 12:30:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 24 Nov 2010 21:30:01 +0100 Subject: [SEC] [SA42332] RSA Adaptive Authentication Cross-Site Scripting Vulnerability Message-ID: <201011242030.oAOKU16j028898@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: RSA Adaptive Authentication Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42332 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42332/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42332 RELEASE DATE: 2010-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/42332/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42332/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42332 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in RSA Adaptive Authentication, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input passed to a Flash Shockwave file is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in version 2.x and 5.7.x. SOLUTION: Apply patch. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Nir Goldshlager, Avnet Technologies. ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2010-11/att-0186/ESA-2010-019.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 24 13:30:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 24 Nov 2010 22:30:08 +0100 Subject: [SEC] [SA42372] Xen Backend Drivers Kernel Thread Leak Denial of Service Vulnerabilities Message-ID: <201011242130.oAOLU86L019256@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Xen Backend Drivers Kernel Thread Leak Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA42372 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42372/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42372 RELEASE DATE: 2010-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/42372/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42372/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42372 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Xen, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerabilities are caused due to the backend drivers leaking references to kernel threads, which can be exploited out of a guest virtual machine to e.g. prevent a proper virtual machine shutdown and stop the "xm" commands from working correctly. SOLUTION: Fixed in the Mercurial repository. PROVIDED AND/OR DISCOVERED BY: Disclosed in a Mercurial commit. ORIGINAL ADVISORY: http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/59f097ef181b OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 24 14:23:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 24 Nov 2010 23:23:58 +0100 Subject: [SEC] [SA42370] Trend Micro Office Scan Privilege Escalation Vulnerability Message-ID: <201011242223.oAOMNwNa009332@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Trend Micro Office Scan Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA42370 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42370/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42370 RELEASE DATE: 2010-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/42370/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42370/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42370 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Trend Micro Office Scan, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an unspecified error in the OfficeScan TMTDI module, which can be exploited to execute arbitrary code with escalated privileges. The vulnerability is reported in version 10.0 Service Pack 1 Patch 2 and version 10.5. Other versions may also be affected. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Trend Micro: http://www.trendmicro.com/ftp/documentation/readme/Readme_2820.txt http://www.trendmicro.com/ftp/documentation/readme/Readme_1161.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 24 14:44:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 24 Nov 2010 23:44:44 +0100 Subject: [SEC] [SA42363] DaDaBIK Script Insertion Vulnerability Message-ID: <201011242244.oAOMii4e030324@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: DaDaBIK Script Insertion Vulnerability SECUNIA ADVISORY ID: SA42363 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42363/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42363 RELEASE DATE: 2010-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/42363/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42363/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42363 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in DaDaBIK, which can be exploited by malicious users to perform script insertion attacks. Certain unspecified input passed via an "html content" content type field or "rich_editor" field type field is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerability is reported in version 4.3 beta3. Prior versions may also be affected. SOLUTION: Update to version 4.3 beta RC1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: DaDaBIK: http://www.dadabik.org/index.php?function=show_changelog OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 24 15:16:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 25 Nov 2010 00:16:48 +0100 Subject: [SEC] [SA42325] Red Hat update for postgresql Message-ID: <201011242316.oAONGmrv019517@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for postgresql SECUNIA ADVISORY ID: SA42325 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42325/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42325 RELEASE DATE: 2010-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/42325/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42325/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42325 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for postgresql. This fixes a security issue, which can be exploited by malicious users to perform certain actions with escalated privileges. For more information: SA41692 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0908-1: http://rhn.redhat.com/errata/RHSA-2010-0908.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 24 15:47:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 25 Nov 2010 00:47:24 +0100 Subject: [SEC] [SA42365] Linux Kernel inotify Memory Leak Denial of Service Vulnerability Message-ID: <201011242347.oAONlOWQ008549@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Linux Kernel inotify Memory Leak Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42365 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42365/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42365 RELEASE DATE: 2010-11-25 DISCUSS ADVISORY: http://secunia.com/advisories/42365/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42365/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42365 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Vegard Nossum has reported a vulnerability in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to a memory leak within the "inotify_init()" system call in fs/notify/inotify/inotify_user.c, which potentially can be exploited to cause an out of memory condition. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Vegard Nossum ORIGINAL ADVISORY: http://permalink.gmane.org/gmane.linux.kernel/1067173 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 25 10:30:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 25 Nov 2010 19:30:30 +0100 Subject: [SEC] [SA42342] Fedora update for dracut and udev Message-ID: <201011251830.oAPIUUM0008931@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for dracut and udev SECUNIA ADVISORY ID: SA42342 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42342/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42342 RELEASE DATE: 2010-11-25 DISCUSS ADVISORY: http://secunia.com/advisories/42342/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42342/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42342 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for dracut and udev. This fixes a vulnerability, which can be exploited by malicious users to disclose sensitive information. The vulnerability is caused due to insecure permissions being assigned to the "/dev/systty" device file. This can be exploited to monitor the terminal of a user logged in via tty0. SOLUTION: Apply updated packages via the yum utility ("yum update dracut udev"). PROVIDED AND/OR DISCOVERED BY: The vendor credits Tavis Ormandy. ORIGINAL ADVISORY: FEDORA-2010-17930: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051417.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051418.html https://bugzilla.redhat.com/show_bug.cgi?id=654489 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 25 11:30:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 25 Nov 2010 20:30:33 +0100 Subject: [SEC] [SA42322] Frog CMS "user[email]" Script Insertion Vulnerability Message-ID: <201011251930.oAPJUXYY031694@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Frog CMS "user[email]" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA42322 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42322/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42322 RELEASE DATE: 2010-11-25 DISCUSS ADVISORY: http://secunia.com/advisories/42322/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42322/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42322 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in Frog CMS, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "user[email]" parameter to index.php ("admin/?/user/edit") is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious data is being viewed. The vulnerability is confirmed in version 0.9.5. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: High-Tech Bridge SA: http://www.htbridge.ch/advisory/xss_vulnerability_in_frog_cms_2.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 25 12:30:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 25 Nov 2010 21:30:34 +0100 Subject: [SEC] [SA42285] SimpLISTic Mailing List Manager "email" Script Insertion Vulnerability Message-ID: <201011252030.oAPKUYVo022039@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SimpLISTic Mailing List Manager "email" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA42285 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42285/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42285 RELEASE DATE: 2010-11-25 DISCUSS ADVISORY: http://secunia.com/advisories/42285/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42285/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42285 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in SimpLISTic Mailing List Manager, which can be exploited by malicious people to conduct script-insertion attacks Input passed via the "email" POST parameter to email.cgi is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in an administrative user's browser session in context of an affected site when the malicious data is being viewed. The vulnerability is confirmed in version 2.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Aliaksandr Hartsuyeu ORIGINAL ADVISORY: http://evuln.com/vulns/145/summary.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 25 13:30:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 25 Nov 2010 22:30:54 +0100 Subject: [SEC] [SA42319] HP-UX update for CIFS Server Message-ID: <201011252130.oAPLUsGG012405@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP-UX update for CIFS Server SECUNIA ADVISORY ID: SA42319 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42319/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42319 RELEASE DATE: 2010-11-25 DISCUSS ADVISORY: http://secunia.com/advisories/42319/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42319/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42319 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: HP has issued an update for CIFS Server in HP-UX. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information: SA40145 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: HPSBUX02609 SSRT100147: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02627925 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 25 14:24:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 25 Nov 2010 23:24:19 +0100 Subject: [SEC] [SA42315] MCG GuestBook Multiple Script Insertion Vulnerabilities Message-ID: <201011252224.oAPMOJsn002442@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: MCG GuestBook Multiple Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA42315 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42315/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42315 RELEASE DATE: 2010-11-25 DISCUSS ADVISORY: http://secunia.com/advisories/42315/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42315/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42315 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in MCG Guestbook, which can be exploited by malicious people to conduct script insertion attacks. Input passed via the "name", "email", "website", and "message" POST parameters to gb.cgi is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerabilities are confirmed in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Aliaksandr Hartsuyeu ORIGINAL ADVISORY: http://evuln.com/vulns/144/summary.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 25 14:45:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 25 Nov 2010 23:45:24 +0100 Subject: [SEC] [SA42328] Native Instruments Traktor Pro Buffer Overflow Vulnerability Message-ID: <201011252245.oAPMjO3U023485@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Native Instruments Traktor Pro Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42328 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42328/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42328 RELEASE DATE: 2010-11-25 DISCUSS ADVISORY: http://secunia.com/advisories/42328/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42328/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42328 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gjoko Krstic has reported a vulnerability in Native Instruments Traktor Pro, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the processing of playlist files, which can be exploited to cause a stack-based buffer overflow when a user opens e.g. a specially crafted .nml file. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in Traktor Pro version 1.2.6.8491. Other versions may also be affected. SOLUTION: Do not open files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Gjoko Krstic ORIGINAL ADVISORY: http://zeroscience.mk/en/vulnerabilities/ZSL-2010-4977.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 25 15:16:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 26 Nov 2010 00:16:50 +0100 Subject: [SEC] [SA42326] Fedora update for udunits2 Message-ID: <201011252316.oAPNGo1p012639@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for udunits2 SECUNIA ADVISORY ID: SA42326 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42326/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42326 RELEASE DATE: 2010-11-25 DISCUSS ADVISORY: http://secunia.com/advisories/42326/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42326/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42326 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for udunits2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA36425 SOLUTION: Apply updated packages using the yum utility ("yum update udunits2"). ORIGINAL ADVISORY: FEDORA-2010-17807: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051442.html FEDORA-2010-17819: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051405.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 25 15:47:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 26 Nov 2010 00:47:17 +0100 Subject: [SEC] [SA42359] xine-lib Uninitialised Pointer Vulnerability Message-ID: <201011252347.oAPNlHaC001610@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: xine-lib Uninitialised Pointer Vulnerability SECUNIA ADVISORY ID: SA42359 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42359/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42359 RELEASE DATE: 2010-11-26 DISCUSS ADVISORY: http://secunia.com/advisories/42359/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42359/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42359 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in xine-lib, which can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the "asf_header_parse_stream_properties()" function in src/demuxers/asfheader.c, which can be exploited to free an uninitialised pointer via a specially crafted asf file. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 1.1.18.1. Other versions may also be affected. SOLUTION: Update to version 1.1.19. PROVIDED AND/OR DISCOVERED BY: Rafael Dominguez Vega ORIGINAL ADVISORY: http://labs.mwrinfosecurity.com/advisories/mwri_xine_free_uninit/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 26 10:30:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 26 Nov 2010 19:30:38 +0100 Subject: [SEC] [SA42335] Office Intercom SIP INVITE "Content-Length" Denial of Service Message-ID: <201011261830.oAQIUckr009228@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Office Intercom SIP INVITE "Content-Length" Denial of Service SECUNIA ADVISORY ID: SA42335 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42335/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42335 RELEASE DATE: 2010-11-26 DISCUSS ADVISORY: http://secunia.com/advisories/42335/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42335/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42335 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Office Intercom, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing a SIP INVITE message and can be exploited to cause the process to crash via a large value specified in the "Content-Length" header. The vulnerability is confirmed in version 5.10. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only (e.g. via network access control lists). PROVIDED AND/OR DISCOVERED BY: xsploited security OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 26 11:30:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 26 Nov 2010 20:30:08 +0100 Subject: [SEC] [SA42361] Ubuntu update for apr-util Message-ID: <201011261930.oAQJU8u4031954@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for apr-util SECUNIA ADVISORY ID: SA42361 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42361/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42361 RELEASE DATE: 2010-11-26 DISCUSS ADVISORY: http://secunia.com/advisories/42361/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42361/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42361 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for apr-util. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA41701 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1022-1: http://www.ubuntu.com/usn/usn-1022-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 26 12:30:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 26 Nov 2010 21:30:02 +0100 Subject: [SEC] [SA42379] IBM WebSphere MQ Internet Pass-Thru TLS Renegotiation Vulnerability Message-ID: <201011262030.oAQKU2G1022303@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM WebSphere MQ Internet Pass-Thru TLS Renegotiation Vulnerability SECUNIA ADVISORY ID: SA42379 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42379/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42379 RELEASE DATE: 2010-11-26 DISCUSS ADVISORY: http://secunia.com/advisories/42379/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42379/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42379 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a vulnerability in IBM WebSphere MQ Internet Pass-Thru, which can be exploited by malicious people to manipulate certain data. For more information: SA37292 SOLUTION: Update to SupportPac 2.0.0.3. ORIGINAL ADVISORY: http://www.ibm.com/support/docview.wss?uid=swg24006386 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 26 13:30:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 26 Nov 2010 22:30:17 +0100 Subject: [SEC] [SA42313] MRCGIGUY FreeTicket Multiple SQL Injection Vulnerabilities Message-ID: <201011262130.oAQLUHF2012663@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: MRCGIGUY FreeTicket Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA42313 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42313/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42313 RELEASE DATE: 2010-11-26 DISCUSS ADVISORY: http://secunia.com/advisories/42313/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42313/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42313 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in MRCGIGUY FreeTicket, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" and "email" parameters (when "action" is set to "showtickets") and via the "name", "email", "subject", and "message" POST parameters (when "action" is set to "sendmess") to contact.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerabilities are confirmed in version 1.0.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Aliaksandr Hartsuyeu and an anonymous person. ORIGINAL ADVISORY: http://evuln.com/vulns/146/summary.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 26 14:24:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 26 Nov 2010 23:24:26 +0100 Subject: [SEC] [SA42360] WordPress Register Plus Plugin Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201011262224.oAQMOQcW002729@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WordPress Register Plus Plugin Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42360 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42360/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42360 RELEASE DATE: 2010-11-26 DISCUSS ADVISORY: http://secunia.com/advisories/42360/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42360/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42360 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: MustLive has discovered some vulnerabilities in the Register Plus plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "firstname", "lastname", "website", "aim", "yahoo", "jabber", "about", "pass1", and "pass2" parameters to wp-login.php (when "action" is set to "register") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 3.5.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: MustLive ORIGINAL ADVISORY: http://websecurity.com.ua/4539 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 26 14:45:15 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 26 Nov 2010 23:45:15 +0100 Subject: [SEC] [SA42373] Moonlight Generic Constraints Bypass Vulnerability Message-ID: <201011262245.oAQMjFHi023738@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Moonlight Generic Constraints Bypass Vulnerability SECUNIA ADVISORY ID: SA42373 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42373/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42373 RELEASE DATE: 2010-11-26 DISCUSS ADVISORY: http://secunia.com/advisories/42373/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42373/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42373 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Moonlight, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the insufficient validation of arguments passed to generic methods. This can be exploited to circumvent generic constraints and subsequently bypass security policies or potentially execute arbitrary code. SOLUTION: Fixed in the GIT repository. PROVIDED AND/OR DISCOVERED BY: Chris Howie ORIGINAL ADVISORY: Novell Bug #654136: https://bugzilla.novell.com/show_bug.cgi?id=654136 Mono GIT commits: https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399 https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358 https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 26 15:15:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 27 Nov 2010 00:15:42 +0100 Subject: [SEC] [SA42356] Microsoft Windows win32k.sys Driver "GreEnableEUDC()" Vulnerability Message-ID: <201011262315.oAQNFgUn012864@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Windows win32k.sys Driver "GreEnableEUDC()" Vulnerability SECUNIA ADVISORY ID: SA42356 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42356/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42356 RELEASE DATE: 2010-11-26 DISCUSS ADVISORY: http://secunia.com/advisories/42356/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42356/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42356 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges. The vulnerability is caused due to an error in win32k.sys when processing the "GreEnableEUDC()" function. This can be exploited to overflow the "EntryContext" buffer specified in the "QueryTable" parameter to the "RtlQueryRegistryValues()" function via e.g. a specially crafted "SystemDefaultEUDCFont" registry value. Successful exploitation allows execution of arbitrary code in the kernel. SOLUTION: Grant access to trusted users only. PROVIDED AND/OR DISCOVERED BY: noobpwnftw OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 26 15:46:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 27 Nov 2010 00:46:36 +0100 Subject: [SEC] [SA42367] Ubuntu update for apache2 Message-ID: <201011262346.oAQNka3n001845@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for apache2 SECUNIA ADVISORY ID: SA42367 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42367/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42367 RELEASE DATE: 2010-11-27 DISCUSS ADVISORY: http://secunia.com/advisories/42367/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42367/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42367 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for apache2. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA40206 SA41811 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1021-1: http://www.ubuntu.com/usn/usn-1021-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 29 10:29:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 29 Nov 2010 19:29:58 +0100 Subject: [SEC] [SA41482] McAfee VirusScan Enterprise Insecure Library Loading Vulnerability Message-ID: <201011291829.oATITwUk008043@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: McAfee VirusScan Enterprise Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41482 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41482/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41482 RELEASE DATE: 2010-11-29 DISCUSS ADVISORY: http://secunia.com/advisories/41482/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41482/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41482 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Parvez Anwar has discovered a vulnerability in McAfee VirusScan Enterprise, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. traceapp.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a Word Document with an embedded ActiveX control located on a remote WebDAV or SMB share in Microsoft Office 2003. The vulnerability is confirmed in version 8.5.0i (patch 8, 32bit scanmodule version 5400.1158, DAT version 6107.0000). Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Parvez Anwar, via Secunia OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 29 11:29:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 29 Nov 2010 20:29:34 +0100 Subject: [SEC] [SA42393] collectd "cu_rrd_create_file()" Denial of Service Vulnerability Message-ID: <201011291929.oATJTYOG030807@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: collectd "cu_rrd_create_file()" Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42393 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42393/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42393 RELEASE DATE: 2010-11-29 DISCUSS ADVISORY: http://secunia.com/advisories/42393/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42393/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42393 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in collectd, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to an assertion error within the "cu_rrd_create_file()" function in src/utils_rrdcreate.c, which can be exploited to trigger an assertion via e.g. the RRDtool and RRDCacheD plugins by sending specially crafted network packets. The vulnerability is reported in versions prior to 4.9.4 and 4.10.2. SOLUTION: Update to version 4.9.4 and 4.10.2. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: collectd: http://collectd.org/news.shtml#news86 Debian Bug #605092: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605092 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 29 12:29:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 29 Nov 2010 21:29:36 +0100 Subject: [SEC] [SA42403] Oracle Solaris APR-util "apr_brigade_split_line()" Denial of Service Vulnerability Message-ID: <201011292029.oATKTaeR021175@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Oracle Solaris APR-util "apr_brigade_split_line()" Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42403 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42403/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42403 RELEASE DATE: 2010-11-29 DISCUSS ADVISORY: http://secunia.com/advisories/42403/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42403/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42403 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged a vulnerability in Solaris and OpenSolaris, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #2 in: SA41701 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://blogs.sun.com/security/entry/cve_2010_1623_memory_leak OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 29 13:29:52 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 29 Nov 2010 22:29:52 +0100 Subject: [SEC] [SA42404] Oracle Solaris bzip2 "BZ_decompress" Integer Overflow Vulnerability Message-ID: <201011292129.oATLTqUb011564@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Oracle Solaris bzip2 "BZ_decompress" Integer Overflow Vulnerability SECUNIA ADVISORY ID: SA42404 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42404/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42404 RELEASE DATE: 2010-11-29 DISCUSS ADVISORY: http://secunia.com/advisories/42404/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42404/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42404 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged a vulnerability in Solaris and OpenSolaris, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. For more information: SA41452 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 29 14:24:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 29 Nov 2010 23:24:25 +0100 Subject: [SEC] [SA42387] Jurpopage Cross-Site Scripting and SQL Injection Vulnerabilities Message-ID: <201011292224.oATMOPgb001645@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Jurpopage Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA42387 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42387/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42387 RELEASE DATE: 2010-11-29 DISCUSS ADVISORY: http://secunia.com/advisories/42387/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42387/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42387 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in Jurpopage, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed to the "category" parameter in index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed to the "note" and "pg" parameters in index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 3) Input passed to the "url" parameter in url-gateway.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected website. The vulnerabilities are confirmed in version 0.2.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: 1) Sudden_death 2, 3) Corporal Strappi ORIGINAL ADVISORY: 1) http://www.exploit-db.com/exploits/15621/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 29 14:44:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 29 Nov 2010 23:44:47 +0100 Subject: [SEC] [SA42383] Site2Nite Big Truck Broker "txtSiteId" SQL Injection Vulnerability Message-ID: <201011292244.oATMilr0022692@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Site2Nite Big Truck Broker "txtSiteId" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42383 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42383/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42383 RELEASE DATE: 2010-11-29 DISCUSS ADVISORY: http://secunia.com/advisories/42383/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42383/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42383 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Site2Nite Big Truck Broker, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "txtSiteId" parameter to news_default.asp is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: underground-stockholm.com OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 29 15:15:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 30 Nov 2010 00:15:59 +0100 Subject: [SEC] [SA42353] SiteEngine "module" SQL Injection Vulnerability Message-ID: <201011292315.oATNFxNx011765@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SiteEngine "module" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42353 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42353/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42353 RELEASE DATE: 2010-11-29 DISCUSS ADVISORY: http://secunia.com/advisories/42353/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42353/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42353 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in SiteEngine, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "module" parameter to comments.php (when "id" is set) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 7.1. Other versions may also be affected. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: Beach OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 29 15:47:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 30 Nov 2010 00:47:30 +0100 Subject: [SEC] [SA42386] MemHT Portal "User-Agent" HTTP Header Script Insertion Vulnerability Message-ID: <201011292347.oATNlUUJ000901@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: MemHT Portal "User-Agent" HTTP Header Script Insertion Vulnerability SECUNIA ADVISORY ID: SA42386 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42386/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42386 RELEASE DATE: 2010-11-30 DISCUSS ADVISORY: http://secunia.com/advisories/42386/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42386/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42386 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in MemHT Portal, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "User-Agent" HTTP header to e.g. index.php (when "page" is set to "users") is not properly sanitised in inc/inc_getinfo.php before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in an administrator's browser session in context of an affected site when the malicious data is viewed. The vulnerability is confirmed in version 4.0.1. Prior versions may also be affected. SOLUTION: Update to version 4.0.2. PROVIDED AND/OR DISCOVERED BY: ZonTa ORIGINAL ADVISORY: MemHT Portal: http://www.memht.com/news_149_MemHT-Portal-4-0-2.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 29 16:13:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 30 Nov 2010 01:13:31 +0100 Subject: [SEC] [SA42316] Easy Banner Cross-Site Scripting and SQL Injection Vulnerabilities Message-ID: <201011300013.oAU0DV0A022204@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Easy Banner Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA42316 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42316/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42316 RELEASE DATE: 2010-11-30 DISCUSS ADVISORY: http://secunia.com/advisories/42316/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42316/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42316 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Aliaksandr Hartsuyeu has discovered some vulnerabilities in Easy Banner, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed via the "siteurl" and "urlbanner" parameters to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "username" and "password" parameters to member.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability allows bypassing the authentication mechanism, but requires that "magic_quotes_gpc" is disabled. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Aliaksandr Hartsuyeu, eVuln.com. ORIGINAL ADVISORY: http://evuln.com/vulns/147/summary.html http://evuln.com/vulns/148/summary.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 29 16:47:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 30 Nov 2010 01:47:47 +0100 Subject: [SEC] [SA42392] Debian update for wireshark Message-ID: <201011300047.oAU0llwt011408@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Debian update for wireshark SECUNIA ADVISORY ID: SA42392 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42392/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42392 RELEASE DATE: 2010-11-30 DISCUSS ADVISORY: http://secunia.com/advisories/42392/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42392/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42392 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for wireshark. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA41535 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2127-1: http://lists.debian.org/debian-security-announce/2010/msg00178.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 29 17:15:55 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 30 Nov 2010 02:15:55 +0100 Subject: [SEC] [SA42402] Oracle Solaris Perl Safe Module Security Bypass Message-ID: <201011300115.oAU1FtXV032756@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Oracle Solaris Perl Safe Module Security Bypass SECUNIA ADVISORY ID: SA42402 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42402/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42402 RELEASE DATE: 2010-11-30 DISCUSS ADVISORY: http://secunia.com/advisories/42402/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42402/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42402 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged a security issue in Solaris, which can be exploited by malicious people to bypass certain security restrictions. For more information see vulnerability #1 in: SA40049 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 29 17:45:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 30 Nov 2010 02:45:09 +0100 Subject: [SEC] [SA42405] Oracle Solaris bzip2 "BZ_decompress" Integer Overflow Vulnerability Message-ID: <201011300145.oAU1j9H7021746@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Oracle Solaris bzip2 "BZ_decompress" Integer Overflow Vulnerability SECUNIA ADVISORY ID: SA42405 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42405/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42405 RELEASE DATE: 2010-11-30 DISCUSS ADVISORY: http://secunia.com/advisories/42405/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42405/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42405 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged a vulnerability in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. For more information: SA41452 SOLUTION: Do not open untrusted files. ORIGINAL ADVISORY: http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 30 10:30:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 30 Nov 2010 19:30:39 +0100 Subject: [SEC] [SA42378] Debian update for linux-2.6 Message-ID: <201011301830.oAUIUdtl022859@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Debian update for linux-2.6 SECUNIA ADVISORY ID: SA42378 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42378/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42378 RELEASE DATE: 2010-11-30 DISCUSS ADVISORY: http://secunia.com/advisories/42378/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42378/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42378 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for linux-2.6. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), gain escalated privileges, or to disclose certain system and potentially sensitive information, and by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. For more information: SA38863 SA41002 SA41245 SA41263 SA41284 SA41440 SA41493 SA41650 SA41693 SA42035 SA42061 SA42094 SA42126 SA42225 1) An error withing the Econet protocol implementation can be exploited to cause a stack overflow by sending specially crafted network traffic. 2) An error within the "econet_sendmsg()" function in net/econet/af_econet.c when handling remote addresses can be exploited to cause a crash. 3) An error within the "ec_dev_ioctl()" function in net/econet/af_econet.c incorrectly enforces access restriction, which can be exploited to assign an Econet address to arbitrary interfaces. 4) The "get_name()" function in net/tipc/socket.c is not properly initializing a structure before copying it to userspace. This can be exploited to disclose potentially sensitive information. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1 - 3) Nelson Elhage 4) Vasiliy Kulikov ORIGINAL ADVISORY: DSA 2126-1: http://lists.debian.org/debian-security-announce/2010/msg00177.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 30 11:30:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 30 Nov 2010 20:30:05 +0100 Subject: [SEC] [SA42408] phpMyAdmin Database Search Cross-Site Scripting Vulnerability Message-ID: <201011301930.oAUJU5PB013204@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: phpMyAdmin Database Search Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42408 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42408/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42408 RELEASE DATE: 2010-11-30 DISCUSS ADVISORY: http://secunia.com/advisories/42408/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42408/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42408 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain input passed to the database search script is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 2.11.11.1 and 3.3.8.1. SOLUTION: Update to version 2.11.11.1 or version 3.3.8.1. PROVIDED AND/OR DISCOVERED BY: The vendor credits Alexander Opitz. ORIGINAL ADVISORY: PMASA-2010-8: http://www.phpmyadmin.net/home_page/security/PMASA-2010-8.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 30 12:30:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 30 Nov 2010 21:30:10 +0100 Subject: [SEC] [SA42410] Red Hat update for php Message-ID: <201011302030.oAUKUAKt003577@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for php SECUNIA ADVISORY ID: SA42410 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42410/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42410 RELEASE DATE: 2010-11-30 DISCUSS ADVISORY: http://secunia.com/advisories/42410/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42410/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42410 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for php. This fixes a security issue and some vulnerabilities, which can be exploited by malicious users and malicious people to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service), disclose system and potentially sensitive information, and compromise a vulnerable system. For more information: SA38708 SA38930 SA39675 SA40268 SA41724 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0919-1: http://rhn.redhat.com/errata/RHSA-2010-0919.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 30 13:30:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 30 Nov 2010 22:30:03 +0100 Subject: [SEC] [SA42422] Xen GDT/LDT Access Denial of Service Vulnerability Message-ID: <201011302130.oAULU3Z9026365@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Xen GDT/LDT Access Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42422 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42422/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42422 RELEASE DATE: 2010-11-30 DISCUSS ADVISORY: http://secunia.com/advisories/42422/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42422/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42422 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Xen, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to insufficient restriction checks within the "fixup_page_fault()" function in xen/arch/x86/traps.c. For more information: SA42395 SOLUTION: Restrict access to trusted users only. ORIGINAL ADVISORY: http://lists.xensource.com/archives/html/xen-devel/2010-11/msg01650.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 30 14:24:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 30 Nov 2010 23:24:01 +0100 Subject: [SEC] [SA42385] Skeletonz CMS Multiple Script Insertion Vulnerabilities Message-ID: <201011302224.oAUMO1KP016455@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Skeletonz CMS Multiple Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA42385 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42385/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42385 RELEASE DATE: 2010-11-30 DISCUSS ADVISORY: http://secunia.com/advisories/42385/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42385/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42385 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in Skeletonz CMS, which can be exploited by malicious people to conduct script insertion attacks. Input passed via the "Name", "Website", and "Email" fields when submitting a comment is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site. Successful exploitation requires that the Blog plugin is enabled. The vulnerability is confirmed in version 1.0. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences in a proxy. PROVIDED AND/OR DISCOVERED BY: Jordan Diaz OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 30 14:44:56 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 30 Nov 2010 23:44:56 +0100 Subject: [SEC] [SA42397] SUSE Update for Multiple Packages Message-ID: <201011302244.oAUMiud1005077@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SUSE Update for Multiple Packages SECUNIA ADVISORY ID: SA42397 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42397/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42397 RELEASE DATE: 2010-11-30 DISCUSS ADVISORY: http://secunia.com/advisories/42397/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42397/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42397 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for multiple packages. This fixes a security issue and some vulnerabilities, which can be exploited by malicious, local users to bypass certain security features and by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA40908 SA41038 SA41596 SA42243 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SR:2010:022: http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 30 15:17:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Dec 2010 00:17:14 +0100 Subject: [SEC] [SA42004] Winamp Multiple Vulnerabilities Message-ID: <201011302317.oAUNHEId026714@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Winamp Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42004 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42004/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42004 RELEASE DATE: 2010-11-30 DISCUSS ADVISORY: http://secunia.com/advisories/42004/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42004/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42004 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Winamp, which can be exploited by malicious people to compromise a user's system. 1) An integer overflow error exists in the "in_nsv.dll" plugin when parsing the NSV Table of Contents data. This can be exploited to cause a heap-based buffer overflow via a specially crafted stream or file. Successful exploitation allows execution of arbitrary code. This vulnerability is confirmed in versions 5.581 and 5.59 Beta Build 3033. 2) Some integer overflow errors within "in_midi" can be exploited to cause buffer overflows. This vulnerability is reported in versions prior to 5.6. SOLUTION: Update to version 5.6. PROVIDED AND/OR DISCOVERED BY: 1) Carsten Eiram, Secunia Research 2) The vendor credits Joakim @ nsense ORIGINAL ADVISORY: Winamp: http://forums.winamp.com/showthread.php?threadid=159785 Secunia Research: http://secunia.com/secunia_research/2010-127/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 30 15:48:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Dec 2010 00:48:27 +0100 Subject: [SEC] [SA42395] Xen GDT/LDT Access Denial of Service Vulnerability Message-ID: <201011302348.oAUNmRSx015784@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Xen GDT/LDT Access Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42395 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42395/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42395 RELEASE DATE: 2010-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/42395/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42395/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42395 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Xen, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to insufficient restriction checks within the "fixup_page_fault()" function in xen/arch/x86/traps.c, which can be exploited out of a guest system to trigger a "BUG_ON()" by accessing the GDT/LDT mapping area directly. Successful exploitation requires 64bit systems. SOLUTION: Restrict access to trusted users. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://lists.xensource.com/archives/html/xen-devel/2010-11/msg01650.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 30 16:15:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Dec 2010 01:15:22 +0100 Subject: [SEC] [SA42377] Hitachi Products Multiple Vulnerabilities Message-ID: <201012010015.oB10FMx4004679@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Hitachi Products Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42377 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42377/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42377 RELEASE DATE: 2010-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/42377/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42377/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42377 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Hitachi products, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, and potentially compromise a vulnerable system. The vulnerabilities are caused due to including a vulnerable version of Cosminexus Developer's Kit for Java. For more information: SA41791 Please see the vendor's advisory for a full list of affected products. SOLUTION: Update to a fixed version. See vendor advisory for details. ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 30 16:46:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Dec 2010 01:46:43 +0100 Subject: [SEC] [SA42421] NetBSD "udp6_output()" Denial of Service Vulnerability Message-ID: <201012010046.oB10khDa026174@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: NetBSD "udp6_output()" Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42421 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42421/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42421 RELEASE DATE: 2010-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/42421/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42421/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42421 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in NetBSD, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused to an error in the "udp6_output()" function in sys/netinet6/udp6_output.c when processing UDP6 datagram packets and can be exploited to dereference an uninitialized pointer causing the kernel to crash. SOLUTION: Fixed in the CVS repository (please see the vendor advisory for details). PROVIDED AND/OR DISCOVERED BY: The vendor credits Clement LECIGNE. ORIGINAL ADVISORY: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-013.txt.asc OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 30 17:15:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Dec 2010 02:15:30 +0100 Subject: [SEC] [SA42409] Red Hat update for cvs Message-ID: <201012010115.oB11FUA3015147@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for cvs SECUNIA ADVISORY ID: SA42409 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42409/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42409 RELEASE DATE: 2010-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/42409/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42409/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42409 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for cvs. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA41079 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0918-1: https://rhn.redhat.com/errata/RHSA-2010-0918.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 30 17:45:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Dec 2010 02:45:44 +0100 Subject: [SEC] [SA42381] Fedora update for openconnect Message-ID: <201012010145.oB11jiYN004167@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for openconnect SECUNIA ADVISORY ID: SA42381 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42381/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42381 RELEASE DATE: 2010-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/42381/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42381/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42381 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for openconnect. This fixes a weakness, which can be exploited by malicious people to gain access to sensitive information. The weakness is caused due to the application displaying the "webvpn" cookie when running in debug mode, which is used to identify a VPN session. SOLUTION: Apply updated packages via the yum utility ("yum update openconnect"). ORIGINAL ADVISORY: FEDORA-2010-18032: https://admin.fedoraproject.org/updates/openconnect-2.26-1.fc12 FEDORA-2010-18053: https://admin.fedoraproject.org/updates/openconnect-2.26-2.fc13 FEDORA-2010-18055: https://admin.fedoraproject.org/updates/openconnect-2.26-4.fc14 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 30 18:10:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Dec 2010 03:10:20 +0100 Subject: [SEC] [SA42413] FreeBSD update for openssl Message-ID: <201012010210.oB12AKVm025366@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: FreeBSD update for openssl SECUNIA ADVISORY ID: SA42413 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42413/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42413 RELEASE DATE: 2010-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/42413/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42413/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42413 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: FreeBSD has issued an update for openssl. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA40906 SA42243 SOLUTION: Update FreeBSD or apply the patch. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: FreeBSD-SA-10:10: http://security.freebsd.org/advisories/FreeBSD-SA-10:10.openssl.asc OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 30 18:24:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Dec 2010 03:24:47 +0100 Subject: [SEC] [SA42384] VMware ESX Server update for kernel Message-ID: <201012010224.oB12Olov013697@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: VMware ESX Server update for kernel SECUNIA ADVISORY ID: SA42384 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42384/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42384 RELEASE DATE: 2010-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/42384/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42384/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42384 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: VMware has issued an update for the Console OS (COS) kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. For more information see vulnerability #1 in: SA41462 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: VMSA-2010-0017: http://lists.vmware.com/pipermail/security-announce/2010/000111.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 30 18:46:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Dec 2010 03:46:22 +0100 Subject: [SEC] [SA42382] Fedora update for libvpx Message-ID: <201012010246.oB12kMp0002289@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for libvpx SECUNIA ADVISORY ID: SA42382 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42382/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42382 RELEASE DATE: 2010-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/42382/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42382/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42382 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for libvpx. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA42118 SOLUTION: Apply updated packages using the yum utility ("yum update libvpx"). ORIGINAL ADVISORY: FEDORA-2010-17893: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051635.html FEDORA-2010-17876: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051629.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 30 19:15:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Dec 2010 04:15:36 +0100 Subject: [SEC] [SA42388] Kerio Control Web Filter Unspecified Vulnerability Message-ID: <201012010315.oB13Faw3024213@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Kerio Control Web Filter Unspecified Vulnerability SECUNIA ADVISORY ID: SA42388 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42388/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42388 RELEASE DATE: 2010-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/42388/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42388/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42388 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability with an unknown impact has been reported in Kerio Control. The vulnerability is caused due to an unspecified error within the Web Filter component. No further information is currently available. The vulnerability is reported in versions prior to 7.1.0. SOLUTION: Update to version 7.1.0. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.kerio.com/control/history OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 30 19:45:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Dec 2010 04:45:32 +0100 Subject: [SEC] [SA42416] GNU Gnash Insecure Temporary Files Security Issue Message-ID: <201012010345.oB13jWxC013233@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: GNU Gnash Insecure Temporary Files Security Issue SECUNIA ADVISORY ID: SA42416 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42416/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42416 RELEASE DATE: 2010-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/42416/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42416/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42416 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been discovered in GNU Gnash, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the configure script using temporary files in an insecure manner. This can be exploited via symlink attacks to e.g. overwrite arbitrary files with the privileges of the user running the script. The security issue is confirmed in version 0.8.8. Other versions may also be affected. SOLUTION: Restrict access to trusted users. PROVIDED AND/OR DISCOVERED BY: Reported in a Debian bug by Jakub Wilk. ORIGINAL ADVISORY: Debian Bug #605419: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605419 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 30 20:10:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Dec 2010 05:10:54 +0100 Subject: [SEC] [SA42414] Cisco IPsec VPN Implementation Group Name Enumeration Weakness Message-ID: <201012010410.oB14AsVc002006@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco IPsec VPN Implementation Group Name Enumeration Weakness SECUNIA ADVISORY ID: SA42414 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42414/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42414 RELEASE DATE: 2010-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/42414/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42414/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42414 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in Cisco ASA (Adaptive Security Appliance) 5500 Series, which can be exploited by malicious people to gain knowledge of certain information. The problem is that the device returns different responses depending on whether or not a valid group name is supplied when the device is configured for group name authentication and using a pre-shared key. This is related to: SA15765 SOLUTION: Update to a fixed version when it becomes available. Please see the vendor's advisory for more details. PROVIDED AND/OR DISCOVERED BY: The vendor credits Gavin Jones, NGS Secure. ORIGINAL ADVISORY: http://www.cisco.com/en/US/products/products_security_response09186a0080b5992c.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 30 20:44:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Dec 2010 05:44:03 +0100 Subject: [SEC] [SA42358] Ubuntu update for linux Message-ID: <201012010444.oB14i3hI023622@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux SECUNIA ADVISORY ID: SA42358 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42358/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42358 RELEASE DATE: 2010-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/42358/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42358/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42358 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system. For more information: SA42378 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1023-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-November/001204.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 30 21:11:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Dec 2010 06:11:37 +0100 Subject: [SEC] [SA42376] Apache Archiva Cross-Site Request Forgery Vulnerability Message-ID: <201012010511.oB15BbAa013556@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apache Archiva Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA42376 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42376/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42376 RELEASE DATE: 2010-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/42376/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42376/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42376 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Apache Archiva, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the administrators credentials by tricking a logged in administrative user into visiting a malicious web site. The vulnerability is reported in versions 1.3 through 1.3.1. SOLUTION: Update to version 1.3.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits Anatolia Security Research Group. ORIGINAL ADVISORY: http://jira.codehaus.org/browse/MRM-1438 http://mail-archives.apache.org/mod_mbox/archiva-users/201011.mbox/ajax/%3CAANLkTimXejHAuXdoUKLN=GkNty1_XnRCbv0YA0T2cS_2 at mail.gmail.com%3E OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 30 21:43:45 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Dec 2010 06:43:45 +0100 Subject: [SEC] [SA42351] ProVJ Playlist Processing Buffer Overflow Vulnerability Message-ID: <201012010543.oB15hjZN002639@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: ProVJ Playlist Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42351 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42351/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42351 RELEASE DATE: 2010-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/42351/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42351/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42351 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in ProVJ, which can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing playlist files and can be exploited to cause a stack-based buffer overflow e.g. when a user is tricked into opening a specially crafted .m3u playlist file. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in version 5.1.5.5. Other versions may also be affected. SOLUTION: Do not open playlist files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: 0v3r ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15635/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 30 22:08:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Dec 2010 07:08:47 +0100 Subject: [SEC] [SA42267] CA Internet Security Suite Plus "KmxSbx.sys" IOCTL Handling Privilege Escalation Message-ID: <201012010608.oB168l1x023876@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: CA Internet Security Suite Plus "KmxSbx.sys" IOCTL Handling Privilege Escalation SECUNIA ADVISORY ID: SA42267 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42267/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42267 RELEASE DATE: 2010-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/42267/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42267/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42267 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in CA Internet Security Suite Plus, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an error in the "KmxSbx.sys" kernel driver when processing IOCTLs and can be exploited to cause a buffer overflow via e.g. overly large data buffer (greater than 65535 bytes) sent to the 0x88000080 IOCTL. Successful exploitation allows execution of arbitrary code in the kernel. The vulnerability is confirmed in CA Internet Security Suite Plus 2010 (KmxSbx.sys 6.2.0.23). Other versions may also be affected. SOLUTION: Grant access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Nikita Tarakanov OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ----------------------------------------------------------------------