From sec-adv at secunia.com Fri Apr 1 10:30:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 1 Apr 2011 19:30:24 +0200 Subject: [SEC] [SA43915] Cetera eCommerce Cross-Site Scripting and SQL Injection Vulnerabilities Message-ID: <201104011730.p31HUOuN013320@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: Cetera eCommerce Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA43915 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43915/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43915 RELEASE DATE: 2011-04-01 DISCUSS ADVISORY: http://secunia.com/advisories/43915/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43915/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43915 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: MustLive has reported some vulnerabilities in Cetera eCommerce, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed via the URL when e.g. the URL resolves to a non-existent page is not properly sanitised before being returned to the user within e.g. a 404 error page. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. This is related to vulnerability #2 in: SA40763 2) Input passed via the URL when accessing the catalog and catalog/cart sections is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in version 15. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: MustLive ORIGINAL ADVISORY: MustLive: http://archives.neohapsis.com/archives/fulldisclosure/2011-03/0310.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 1 11:31:04 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 1 Apr 2011 20:31:04 +0200 Subject: [SEC] [SA43905] SUSE update for logwatch Message-ID: <201104011831.p31IV4SE003788@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: SUSE update for logwatch SECUNIA ADVISORY ID: SA43905 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43905/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43905 RELEASE DATE: 2011-04-01 DISCUSS ADVISORY: http://secunia.com/advisories/43905/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43905/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43905 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for logwatch. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA43495 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0243-1: https://hermes.opensuse.org/messages/7768707 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 1 12:30:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 1 Apr 2011 21:30:10 +0200 Subject: [SEC] [SA43994] IBM Tivoli Directory Server Multiple Vulnerabilities Message-ID: <201104011930.p31JUAZA026639@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: IBM Tivoli Directory Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43994 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43994/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43994 RELEASE DATE: 2011-04-01 DISCUSS ADVISORY: http://secunia.com/advisories/43994/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43994/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43994 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in IBM Tivoli Directory Server, which can be exploited by malicious users to disclose sensitive information and by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. 1) The application bundles a vulnerable version of IBM Java. For more information: SA43295 2) An error within ibmslapd.exe when processing certain requests can be exploited to cause a stack-based buffer overflow. Successful exploitation of this vulnerability may allow execution of arbitrary code. 3) The TDS proxy server stores the user's password in cleartext in the audit log when the backend server is configured to audit extended operations. The vulnerabilities are reported in versions 6.1, 6.2, and 6.3. SOLUTION: Apply interm fixes when available. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 2) The vendor credits Francis Provencher, Protek Research Labs via ZDI. 3) Reported by the vendor. ORIGINAL ADVISORY: IBM: http://www.ibm.com/support/docview.wss?uid=swg21474615 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 1 13:30:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 1 Apr 2011 22:30:23 +0200 Subject: [SEC] [SA43992] SUSE update for quagga Message-ID: <201104012030.p31KUNUM017105@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: SUSE update for quagga SECUNIA ADVISORY ID: SA43992 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43992/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43992 RELEASE DATE: 2011-04-01 DISCUSS ADVISORY: http://secunia.com/advisories/43992/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43992/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43992 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for quagga. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA41038 SA43770 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0269-1: https://hermes.opensuse.org/messages/7789143 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 1 14:23:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 1 Apr 2011 23:23:54 +0200 Subject: [SEC] [SA43969] NetBSD IPComp Payload Decompression Stack Overflow Vulnerability Message-ID: <201104012123.p31LNscL007291@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: NetBSD IPComp Payload Decompression Stack Overflow Vulnerability SECUNIA ADVISORY ID: SA43969 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43969/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43969 RELEASE DATE: 2011-04-01 DISCUSS ADVISORY: http://secunia.com/advisories/43969/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43969/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43969 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Tavis Ormandy has reported a vulnerability in NetBSD, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused due to an error within the handling of encapsulated IPComp (IP Payload Compression Protocol) payloads, which can be exploited to cause a stack overflow by sending specially crafted packets to a vulnerable server. SOLUTION: Fixed in the CVS repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Tavis Ormandy ORIGINAL ADVISORY: http://www.openwall.com/lists/oss-security/2011/04/01/1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 1 14:45:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 1 Apr 2011 23:45:00 +0200 Subject: [SEC] [SA43968] IBM AIX LDAP Authentication Bypass Vulnerability Message-ID: <201104012145.p31Lj0RT028386@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: IBM AIX LDAP Authentication Bypass Vulnerability SECUNIA ADVISORY ID: SA43968 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43968/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43968 RELEASE DATE: 2011-04-01 DISCUSS ADVISORY: http://secunia.com/advisories/43968/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43968/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43968 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM AIX, which can be exploited by malicious people to bypass certain security features. The vulnerability is caused due to an unspecified error, which can be exploited to successfully authenticate with an incorrect password. Successful exploitation requires that the "authtype" setting in /etc/security/ldap/ldap.cfg file is set to "ldap_auth". Additionally, the default stanza has to be set to "SYTEM = "LDAP or compat"" if the user does not have an own stanza or, alternatively, the user needs to have a "SYTEM = "LDAP or compat" attribute in the /etc/security/user file. SOLUTION: Apply APAR IZ97416 when available or apply the fix. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://aix.software.ibm.com/aix/efixes/security/ldapauth_advisory.asc OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 1 15:10:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 2 Apr 2011 00:10:22 +0200 Subject: [SEC] [SA43990] HP-UX XNTP Denial of Service Vulnerability Message-ID: <201104012210.p31MAMnG017308@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: HP-UX XNTP Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43990 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43990/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43990 RELEASE DATE: 2011-04-01 DISCUSS ADVISORY: http://secunia.com/advisories/43990/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43990/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43990 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: HP has acknowledged a vulnerability in HP-UX, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA37629 The vulnerability is reported in HP-UX B.11.11, B.11.23, and B.11.31 running XNTP. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: HPSBUX02639 SSRT100293: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02737553 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 1 15:24:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 2 Apr 2011 00:24:26 +0200 Subject: [SEC] [SA43995] FreeBSD IPComp Payload Decompression Stack Overflow Vulnerability Message-ID: <201104012224.p31MOQ5t005700@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: FreeBSD IPComp Payload Decompression Stack Overflow Vulnerability SECUNIA ADVISORY ID: SA43995 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43995/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43995 RELEASE DATE: 2011-04-02 DISCUSS ADVISORY: http://secunia.com/advisories/43995/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43995/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43995 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Tavis Ormandy has reported a vulnerability in FreeBSD, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the handling of certain IPComp (IP Payload Compression Protocol) payloads, which can be exploited to cause a stack overflow by sending specially crafted packets to a vulnerable server. This is related to: SA43969 SOLUTION: Fixed in the CVS repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Tavis Ormandy ORIGINAL ADVISORY: http://www.openwall.com/lists/oss-security/2011/04/01/1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 1 15:45:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 2 Apr 2011 00:45:32 +0200 Subject: [SEC] [SA43987] RealNetworks Helix Server Two Vulnerabilities Message-ID: <201104012245.p31MjWcP026804@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: RealNetworks Helix Server Two Vulnerabilities SECUNIA ADVISORY ID: SA43987 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43987/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43987 RELEASE DATE: 2011-04-02 DISCUSS ADVISORY: http://secunia.com/advisories/43987/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43987/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43987 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in RealNetworks Helix Server, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA43923 SOLUTION: Upgrade to version 14.2. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 1 16:11:04 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 2 Apr 2011 01:11:04 +0200 Subject: [SEC] [SA43993] IBM WEBi Two Vulnerabilities Message-ID: <201104012311.p31NB4cm015738@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: IBM WEBi Two Vulnerabilities SECUNIA ADVISORY ID: SA43993 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43993/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43993 RELEASE DATE: 2011-04-02 DISCUSS ADVISORY: http://secunia.com/advisories/43993/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43993/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43993 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in IBM WEBi, where one has unknown impacts and the other can be exploited by malicious people to conduct cross-site scripting attacks. 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) A vulnerability is caused due to an unspecified error. No further information is currently available. The vulnerabilities are reported in versions prior to 1.0.4 Fix Pack 3. SOLUTION: Update to version 1.0.4 Fix Pack 3. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (IO13663, IO13806): http://www.ibm.com/support/docview.wss?uid=swg24029060 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 1 16:45:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 2 Apr 2011 01:45:30 +0200 Subject: [SEC] [SA43988] Pure-FTPd "STARTTLS" Plaintext Injection Vulnerability Message-ID: <201104012345.p31NjUDD005022@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: Pure-FTPd "STARTTLS" Plaintext Injection Vulnerability SECUNIA ADVISORY ID: SA43988 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43988/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43988 RELEASE DATE: 2011-04-02 DISCUSS ADVISORY: http://secunia.com/advisories/43988/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43988/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43988 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Pure-FTPd, which can be exploited by malicious people to manipulate certain data. The vulnerability is caused due to the TLS implementation not properly clearing transport layer buffers when upgrading from plaintext to ciphertext after receiving the "STARTTLS" command. This can be exploited to insert arbitrary plaintext data (e.g. FTP commands) during the plaintext phase, which will then be executed after upgrading to the TLS ciphertext phase. The vulnerability is reported in versions prior to 1.0.30. SOLUTION: Update to version 1.0.30. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.pureftpd.org/project/pure-ftpd/news OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 1 17:13:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 2 Apr 2011 02:13:31 +0200 Subject: [SEC] [SA43920] XML Security Library XSLT File Access Vulnerability Message-ID: <201104020013.p320DVUc026468@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: XML Security Library XSLT File Access Vulnerability SECUNIA ADVISORY ID: SA43920 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43920/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43920 RELEASE DATE: 2011-04-02 DISCUSS ADVISORY: http://secunia.com/advisories/43920/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43920/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43920 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the XML Security Library, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the library not properly restricting file reads and writes when verifying the signature of XML files, which can be exploited to e.g. write arbitrary content into an arbitrary file via a XML file containing specially crafted transformations. The vulnerability is reported in versions prior to 1.2.17. SOLUTION: Update to version 1.2.17. PROVIDED AND/OR DISCOVERED BY: The vendor credits Nicolas Gregoire. ORIGINAL ADVISORY: http://www.aleksey.com/pipermail/xmlsec/2011/009120.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 1 17:45:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 2 Apr 2011 02:45:32 +0200 Subject: [SEC] [SA43906] Ubuntu update for openldap Message-ID: <201104020045.p320jWLK015665@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: Ubuntu update for openldap SECUNIA ADVISORY ID: SA43906 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43906/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43906 RELEASE DATE: 2011-04-02 DISCUSS ADVISORY: http://secunia.com/advisories/43906/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43906/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43906 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for openldap. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service). For more information: SA43331 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1100-1: http://www.ubuntu.com/usn/usn-1100-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 1 18:10:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 2 Apr 2011 03:10:56 +0200 Subject: [SEC] [SA43984] HP-UX Unspecified Denial of Service Vulnerability Message-ID: <201104020110.p321AuPl004571@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: HP-UX Unspecified Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43984 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43984/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43984 RELEASE DATE: 2011-04-02 DISCUSS ADVISORY: http://secunia.com/advisories/43984/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43984/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43984 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP-UX, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error. No further information is currently available. The vulnerability is reported in HP-UX B.11.23 and B.11.3. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBUX02646 SSRT100396: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02753287 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 1 18:45:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 2 Apr 2011 03:45:15 +0200 Subject: [SEC] [SA43927] SUSE update for gdm Message-ID: <201104020145.p321jFdM026285@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: SUSE update for gdm SECUNIA ADVISORY ID: SA43927 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43927/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43927 RELEASE DATE: 2011-04-02 DISCUSS ADVISORY: http://secunia.com/advisories/43927/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43927/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43927 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued and update for gdm. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA43854 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0275-1: https://hermes.opensuse.org/messages/7795774 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 1 19:14:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 2 Apr 2011 04:14:43 +0200 Subject: [SEC] [SA43923] RealNetworks Helix Server Two Vulnerabilities Message-ID: <201104020214.p322EhW9015825@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: RealNetworks Helix Server Two Vulnerabilities SECUNIA ADVISORY ID: SA43923 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43923/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43923 RELEASE DATE: 2011-04-02 DISCUSS ADVISORY: http://secunia.com/advisories/43923/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43923/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43923 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in RealNetworks Helix Server, which can be exploited by malicious people to compromise a vulnerable system. 1) A format string error exists within the processing of the x-wap-profile header. 2) A boundary error in the DNA Server when parsing Real Time Streaming Protocol (RTSP) requests can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to TCP port 554. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in versions prior to 14.2. SOLUTION: Update to version 14.2. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits defrost via ZDI. 2) defrost via iDefense. ORIGINAL ADVISORY: RealNetworks: http://docs.real.com/docs/security/SecurityUpdate033111HS.pdf iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=899 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 1 19:45:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 2 Apr 2011 04:45:14 +0200 Subject: [SEC] [SA43991] HP-UX Apache Web Server Suite Multiple Vulnerabilities Message-ID: <201104020245.p322jERv004951@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: HP-UX Apache Web Server Suite Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43991 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43991/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43991 RELEASE DATE: 2011-04-02 DISCUSS ADVISORY: http://secunia.com/advisories/43991/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43991/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43991 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: HP has acknowledged some vulnerabilities in HP-UX, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service). For more information: SA38852 SA43198 The vulnerabilities are reported in the following versions: * HP-UX B.11.23 and B.11.31 running HP-UX Apache Web Server Suite version 3.14 and prior. * HP-UX B.11.11, B.11.23, and B.11.31 running HP-UX Apache Web Server Suite version 2.32 and prior. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: HPSBUX02645 SSRT100387: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02752210 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 1 20:10:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 2 Apr 2011 05:10:09 +0200 Subject: [SEC] [SA43986] SUSE update for apparmor Message-ID: <201104020310.p323A91t026248@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: SUSE update for apparmor SECUNIA ADVISORY ID: SA43986 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43986/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43986 RELEASE DATE: 2011-04-02 DISCUSS ADVISORY: http://secunia.com/advisories/43986/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43986/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43986 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for apparmor. This fixes a weakness, which can be exploited to bypass certain security restrictions. For more information: SA42828 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0268-1: https://hermes.opensuse.org/messages/7789107 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 1 20:24:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 2 Apr 2011 05:24:26 +0200 Subject: [SEC] [SA43982] SUSE update for quagga Message-ID: <201104020324.p323OQKw014636@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: SUSE update for quagga SECUNIA ADVISORY ID: SA43982 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43982/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43982 RELEASE DATE: 2011-04-02 DISCUSS ADVISORY: http://secunia.com/advisories/43982/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43982/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43982 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for quagga. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43770 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0262-1: https://hermes.opensuse.org/messages/7786951 openSUSE-SU-2011:0274-1: https://hermes.opensuse.org/messages/7795766 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 1 20:45:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 2 Apr 2011 05:45:21 +0200 Subject: [SEC] [SA43983] Juniper IVE Network Connect Credential Provider Security Bypass Message-ID: <201104020345.p323jLXr003329@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: Juniper IVE Network Connect Credential Provider Security Bypass SECUNIA ADVISORY ID: SA43983 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43983/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43983 RELEASE DATE: 2011-04-02 DISCUSS ADVISORY: http://secunia.com/advisories/43983/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43983/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43983 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Juniper Networks Secure Access, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an unspecified error within the Network Connect Credential Provider, which can be exploited to bypass the authentication on Windows 7 and Windows Vista. SOLUTION: Update to version 6.5R9, 7.0R4, or 7.1R1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2011-03-187&viewMode=view OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 1 21:10:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 2 Apr 2011 06:10:44 +0200 Subject: [SEC] [SA43985] HP Operations for UNIX Cross-Site Scripting and Security Bypass Message-ID: <201104020410.p324Aiaa024647@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: HP Operations for UNIX Cross-Site Scripting and Security Bypass SECUNIA ADVISORY ID: SA43985 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43985/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43985 RELEASE DATE: 2011-04-02 DISCUSS ADVISORY: http://secunia.com/advisories/43985/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43985/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43985 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in HP Operations for UNIX, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security features. 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An unspecified error can be exploited to gain unauthorised access to unspecified resources. No further information is currently available. The vulnerabilities are reported in HP Operations for UNIX v9.10. SOLUTION: Apply the hotfix (available through the customer support channels by requesting QCCR1A121284_QCCR1A121281_hotfix.tar.gz). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02650 SSRT100429: http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02770049 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 1 21:45:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 2 Apr 2011 06:45:49 +0200 Subject: [SEC] [SA43952] Fedora update for pure-ftpd Message-ID: <201104020445.p324jnEU013998@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: Fedora update for pure-ftpd SECUNIA ADVISORY ID: SA43952 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43952/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43952 RELEASE DATE: 2011-04-02 DISCUSS ADVISORY: http://secunia.com/advisories/43952/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43952/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43952 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for pure-ftpd. This fixes a vulnerability, which can be exploited by malicious people to manipulate certain data. For more information: SA43988 SOLUTION: Apply updated packages via the yum utility ("yum update pure-ftpd"). ORIGINAL ADVISORY: FEDORA-2011-3349: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057170.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 1 22:10:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 2 Apr 2011 07:10:50 +0200 Subject: [SEC] [SA43956] Red Hat update for quagga Message-ID: <201104020510.p325AoEE002854@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: Red Hat update for quagga SECUNIA ADVISORY ID: SA43956 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43956/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43956 RELEASE DATE: 2011-04-02 DISCUSS ADVISORY: http://secunia.com/advisories/43956/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43956/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43956 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for quagga. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43770 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0406-01: https://rhn.redhat.com/errata/RHSA-2011-0406.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 2 10:30:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 2 Apr 2011 19:30:37 +0200 Subject: [SEC] [SA43930] SUSE update for postgresql Message-ID: <201104021730.p32HUbZ1023902@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: SUSE update for postgresql SECUNIA ADVISORY ID: SA43930 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43930/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43930 RELEASE DATE: 2011-04-02 DISCUSS ADVISORY: http://secunia.com/advisories/43930/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43930/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43930 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for postgresql. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system. For more information: SA43144 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0257-1: https://hermes.opensuse.org/messages/7775134 openSUSE-SU-2011:0254-1: https://hermes.opensuse.org/messages/7775092 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 2 11:30:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 2 Apr 2011 20:30:23 +0200 Subject: [SEC] [SA43965] IBM WebSphere Application Server for z/OS Access Permissions Security Issue Message-ID: <201104021830.p32IUNOv014359@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: IBM WebSphere Application Server for z/OS Access Permissions Security Issue SECUNIA ADVISORY ID: SA43965 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43965/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43965 RELEASE DATE: 2011-04-02 DISCUSS ADVISORY: http://secunia.com/advisories/43965/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43965/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43965 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in IBM WebSphere Application Server for z/OS, which can be exploited by malicious users to bypass certain security restrictions. The security issue is caused due to unintended access permissions being assigned to users for WebSphere applications when WebSphere is configured with a Local OS user registry or a Federated Repository configured with RACF (Resource Access Control Facility) adapter. The security issue is reported in the following versions: * WebSphere Application Server for z/OS versions 6.0 through 6.0.2.43, 6.1 through 6.1.0.35, and 7.0 through 7.0.0.15. * WebSphere Application Server OEM for z/OS (FMID HBBN610) versions 6.1.0.25 through 6.1.0.32 and 7.0.0.7 through 7.0.0.13. SOLUTION: Apply patches. Please see the vendor's advisory for more information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (PM35480, PM35478, PM35545, PM35611, PM35609): http://www.ibm.com/support/docview.wss?uid=swg21473989 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 2 12:32:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 2 Apr 2011 21:32:12 +0200 Subject: [SEC] [SA43898] Erlang/OTP Two Vulnerabilities Message-ID: <201104021932.p32JWCFJ004863@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: Erlang/OTP Two Vulnerabilities SECUNIA ADVISORY ID: SA43898 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43898/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43898 RELEASE DATE: 2011-04-02 DISCUSS ADVISORY: http://secunia.com/advisories/43898/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43898/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43898 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Erlang/OTP, which can be exploited by malicious people to cause a crash and potentially compromise a vulnerable system. 1) An error within the handling of 64-bit integers can be exploited to e.g. crash the emulator. Note: This only affects drivers using the "ERL_DRV_INT64" or "ERL_DRV_UINT64" functions. This vulnerability is reported in version R13B03 and later but prior to R14B. 2) An error within the "erl_term_len()" function can cause too large or too small values to be returned. This vulnerability is reported in version R9B and later but prior to R14B01. SOLUTION: Update to version R14B02. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.erlang.org/download/otp_src_R14B.readme http://www.erlang.org/download/otp_src_R14B01.readme OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 2 13:30:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 2 Apr 2011 22:30:26 +0200 Subject: [SEC] [SA43959] SUSE update for SUSE Linux Enterprise High Availability Extension 11 Message-ID: <201104022030.p32KUQ4w027663@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: SUSE update for SUSE Linux Enterprise High Availability Extension 11 SECUNIA ADVISORY ID: SA43959 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43959/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43959 RELEASE DATE: 2011-04-02 DISCUSS ADVISORY: http://secunia.com/advisories/43959/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43959/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43959 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for SUSE Linux Enterprise High Availability Extension 11. This fixes a weakness, which can be exploited by malicious, local users to disclose potentially sensitive information. For more information: SA43966 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0258-1: https://hermes.opensuse.org/messages/7775666 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 2 14:24:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 2 Apr 2011 23:24:53 +0200 Subject: [SEC] [SA43951] Fedora update for mono and mono-addins Message-ID: <201104022124.p32LOrWq017852@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: Fedora update for mono and mono-addins SECUNIA ADVISORY ID: SA43951 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43951/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43951 RELEASE DATE: 2011-04-02 DISCUSS ADVISORY: http://secunia.com/advisories/43951/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43951/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43951 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for mono and mono-addins. This fixes two vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to potentially compromise a user's system. For more information: SA42174 SA42373 SOLUTION: Apply updated packages via the yum utility ("yum update mono mono-addins"). ORIGINAL ADVISORY: FEDORA-2011-3393: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057177.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057178.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 2 14:45:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 2 Apr 2011 23:45:32 +0200 Subject: [SEC] [SA43954] Fedora update for asterisk Message-ID: <201104022145.p32LjWoW006551@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: Fedora update for asterisk SECUNIA ADVISORY ID: SA43954 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43954/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43954 RELEASE DATE: 2011-04-02 DISCUSS ADVISORY: http://secunia.com/advisories/43954/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43954/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43954 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for asterisk. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43722 SOLUTION: Apply updated packages via the yum utility ("yum update asterisk"). ORIGINAL ADVISORY: FEDORA-2011-3942: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html FEDORA-2011-3945: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 4 10:30:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 4 Apr 2011 19:30:17 +0200 Subject: [SEC] [SA44005] Anzeigenmarkt 2011 "q" SQL Injection Vulnerability Message-ID: <201104041730.p34HUHaQ014479@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Anzeigenmarkt 2011 "q" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA44005 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44005/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44005 RELEASE DATE: 2011-04-04 DISCUSS ADVISORY: http://secunia.com/advisories/44005/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44005/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44005 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Anzeigenmarkt 2011, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "q" parameter (when "d" is set to "list") in index.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: Easy Laster ORIGINAL ADVISORY: http://packetstormsecurity.org/files/view/100006/anzeigenmarkt-sql.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 4 11:30:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 4 Apr 2011 20:30:23 +0200 Subject: [SEC] [SA43939] SUSE update for php5 Message-ID: <201104041830.p34IUNr1004921@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: SUSE update for php5 SECUNIA ADVISORY ID: SA43939 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43939/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43939 RELEASE DATE: 2011-04-04 DISCUSS ADVISORY: http://secunia.com/advisories/43939/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43939/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43939 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for php5. This fixes a weakness and some vulnerabilities, where one has unknown impacts and others can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service). For more information: SA41724 SA42843 SA43328 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0285-1: https://hermes.opensuse.org/messages/7801177 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 4 12:30:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 4 Apr 2011 21:30:21 +0200 Subject: [SEC] [SA44030] IBM solidDB Password Hash Authentication Bypass Vulnerability Message-ID: <201104041930.p34JUL5n027790@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: IBM solidDB Password Hash Authentication Bypass Vulnerability SECUNIA ADVISORY ID: SA44030 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44030/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44030 RELEASE DATE: 2011-04-04 DISCUSS ADVISORY: http://secunia.com/advisories/44030/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44030/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44030 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM solidDB, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error within the authentication mechanism in solid.exe, which does not properly verify the password hash length. This can be exploited to bypass the authentication mechanism by providing only the first few bytes of the password hash via a specially crafted request sent to TCP ports 1315, 1964, or 2315. The vulnerability is reported in the following versions: * IBM solidDB versions 4.5.180 and prior. * IBM solidDB versions 6.0.1066 and prior. * IBM solidDB versions 6.1.20 and prior. * IBM solidDB versions 6.3 Fix Pack 6 and prior. * IBM solidDB versions 6.5 Fix Pack 2 and prior. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Tenable Network Security via ZDI. ORIGINAL ADVISORY: IBM: http://www.ibm.com/support/docview.wss?uid=swg21474552 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-115/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 4 13:30:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 4 Apr 2011 22:30:28 +0200 Subject: [SEC] [SA43961] InTerra Blog Machine Cross-Site Request Forgery Vulnerability Message-ID: <201104042030.p34KUSR9018261@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: InTerra Blog Machine Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA43961 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43961/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43961 RELEASE DATE: 2011-04-04 DISCUSS ADVISORY: http://secunia.com/advisories/43961/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43961/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43961 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in InTerra Blog Machine, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. add arbitrary entries and conduct script insertion attacks by tricking a logged in administrative user into visiting a malicious web site. The vulnerability is confirmed in version 1.84. Other versions may also be affected. SOLUTION: Do not browse untrusted sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22931: http://archives.neohapsis.com/archives/bugtraq/2011-03/0319.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 4 14:24:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 4 Apr 2011 23:24:21 +0200 Subject: [SEC] [SA43964] WordPress AdWizz Plugin "link" Cross-Site Scripting Vulnerability Message-ID: <201104042124.p34LOL3C008447@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: WordPress AdWizz Plugin "link" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43964 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43964/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43964 RELEASE DATE: 2011-04-04 DISCUSS ADVISORY: http://secunia.com/advisories/43964/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43964/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43964 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered a vulnerability in the AdWizz plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "link" parameter to wp-content/plugins/ad-wizz/template.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: John Leitch, AutoSec Tools. ORIGINAL ADVISORY: http://www.autosectools.com/Advisories/WordPress.AdWizz.1.0_Reflected.Cross-site.Scripting_168.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 4 14:46:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 4 Apr 2011 23:46:08 +0200 Subject: [SEC] [SA43996] RealArcade InstallerDlg Module ActiveX Controls Unsafe Methods Message-ID: <201104042146.p34Lk8ux029577@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: RealArcade InstallerDlg Module ActiveX Controls Unsafe Methods SECUNIA ADVISORY ID: SA43996 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43996/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43996 RELEASE DATE: 2011-04-04 DISCUSS ADVISORY: http://secunia.com/advisories/43996/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43996/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43996 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: rgod has discovered multiple vulnerabilities in RealArcade InstallerDlg Module, which can be exploited by malicious people to compromise a user's system. 1) The unsafe "CreateVistaTaskLow()", "Exec()", and "ExecLow()", and "ShellExec()" methods provided by the "StubbyUtil.ProcessMgr.1" ActiveX control allow execution of arbitrary commands on a user's system via a specially crafted web page. 2) The unsafe "CopyDocument()" method provided by the "StubbyUtil.ShellCtl.1" ActiveX control allows copying arbitrary files e.g. located on a remote share to an arbitrary location on a user's system via a specially crafted web page. 3) The unsafe "CreateShortcut()", "ShellExec()", and "ShellExecRunAs()" methods provided by the "StubbyUtil.ShellCtl.1" ActiveX control allow execution of arbitrary commands on a user's system via a specially crafted web page. The vulnerabilities are confirmed in version 2.6.0.445. Other versions may also be affected. SOLUTION: Set the kill-bit for the affected ActiveX controls. PROVIDED AND/OR DISCOVERED BY: rgod ORIGINAL ADVISORY: http://retrogod.altervista.org/9sg_StubbyUtil.ProcessMgr.1_adv.html http://retrogod.altervista.org/9sg_StubbyUtil.ShellCtl.1_adv.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 4 15:10:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Apr 2011 00:10:01 +0200 Subject: [SEC] [SA43963] WordPress WP Custom Pages "url" File Disclosure Vulnerability Message-ID: <201104042210.p34MA1mx018402@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: WordPress WP Custom Pages "url" File Disclosure Vulnerability SECUNIA ADVISORY ID: SA43963 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43963/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43963 RELEASE DATE: 2011-04-04 DISCUSS ADVISORY: http://secunia.com/advisories/43963/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43963/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43963 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered a vulnerability in the WP Custom Pages plugin for WordPress, which can be exploited by malicious people to disclose sensitive information. Input passed via the "url" parameter to wp-content/plugins/wp-custom-pages/wp-download.php is not properly verified before being used to read files. This can be exploited to read arbitrary files from local resources via directory traversal sequences. The vulnerability is confirmed in version 0.5.0.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: John Leitch, AutoSec Tools. ORIGINAL ADVISORY: http://www.autosectools.com/Advisories/WordPress.WP.Custom.Pages.0.5.0.1_Local.File.Inclusion_169.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 4 15:24:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Apr 2011 00:24:45 +0200 Subject: [SEC] [SA43967] WordPress Placester Plugin "ajax_action" Cross-Site Scripting Vulnerability Message-ID: <201104042224.p34MOjlY006821@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: WordPress Placester Plugin "ajax_action" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43967 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43967/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43967 RELEASE DATE: 2011-04-05 DISCUSS ADVISORY: http://secunia.com/advisories/43967/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43967/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43967 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered a vulnerability in the Placester plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "ajax_action" parameter to wp-content/plugins/placester/admin/support_ajax.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 0.1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: John Leitch, AutoSec Tools. ORIGINAL ADVISORY: http://www.autosectools.com/Advisories/WordPress.Placester.0.1.0_Reflected.Cross-site.Scripting_167.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 4 15:45:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Apr 2011 00:45:38 +0200 Subject: [SEC] [SA43962] LiveStreet CMS "url" Cross-Site Scripting Vulnerability Message-ID: <201104042245.p34MjcjH027923@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: LiveStreet CMS "url" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43962 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43962/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43962 RELEASE DATE: 2011-04-05 DISCUSS ADVISORY: http://secunia.com/advisories/43962/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43962/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43962 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered a vulnerability in LiveStreet CMS, which can be exploited by malicious people to conduct cross-site scripting attacks. The vulnerability exists in the bundled version of CSSTidy. For more information: SA40515 The vulnerability is confirmed in version 0.4.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: John Leitch, AutoSec Tools. ORIGINAL ADVISORY: http://www.autosectools.com/Advisories/LiveStreet.0.4.2_Reflected.Cross-site.Scripting_170.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 4 16:10:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Apr 2011 01:10:46 +0200 Subject: [SEC] [SA43970] OpenEMR Cross-Site Scripting and Local File Inclusion Vulnerabilities Message-ID: <201104042310.p34NAkrK016820@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: OpenEMR Cross-Site Scripting and Local File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA43970 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43970/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43970 RELEASE DATE: 2011-04-05 DISCUSS ADVISORY: http://secunia.com/advisories/43970/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43970/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43970 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered multiple vulnerabilities in OpenEMR, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information. 1) Input passed to the "src_form" and "section_value" parameters in gacl/admin/object_search.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "site" parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. The vulnerabilities are confirmed in version 4.0.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. PROVIDED AND/OR DISCOVERED BY: John Leitch, AutoSec Tools. ORIGINAL ADVISORY: http://www.autosectools.com/Advisories/OpenEMR.4.0.0_Local.File.Inclusion_166.html http://www.autosectools.com/Advisories/OpenEMR.4.0.0_Reflected.Cross-site.Scripting_164.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 4 16:45:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Apr 2011 01:45:27 +0200 Subject: [SEC] [SA43960] SUSE update for otrs Message-ID: <201104042345.p34NjRwS006126@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: SUSE update for otrs SECUNIA ADVISORY ID: SA43960 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43960/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43960 RELEASE DATE: 2011-04-05 DISCUSS ADVISORY: http://secunia.com/advisories/43960/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43960/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43960 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for otrs. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information see vulnerability #2 in: SA38507 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0278-1: https://hermes.opensuse.org/messages/7797670 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 4 17:13:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Apr 2011 02:13:31 +0200 Subject: [SEC] [SA44031] IBM WebSphere Application Server IVT Cross-Site Scripting Vulnerability Message-ID: <201104050013.p350DVAv027562@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: IBM WebSphere Application Server IVT Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA44031 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44031/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44031 RELEASE DATE: 2011-04-05 DISCUSS ADVISORY: http://secunia.com/advisories/44031/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44031/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44031 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM WebSphere Application Server, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input passed to the IVT application can be exploited to conduct cross-site scripting attacks. For more information see vulnerability #3 in: SA42938 The vulnerability is reported in versions prior to 6.1 Fix Pack 37 (6.1.0.37). SOLUTION: Apply APAR PM20393 or update to version 6.1.0.37. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (PM20393): http://www-01.ibm.com/support/docview.wss?uid=swg27007951 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 4 17:45:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Apr 2011 02:45:26 +0200 Subject: [SEC] [SA44016] Fedora update for php-doctrine-Doctrine Message-ID: <201104050045.p350jQ7F016746@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Fedora update for php-doctrine-Doctrine SECUNIA ADVISORY ID: SA44016 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44016/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44016 RELEASE DATE: 2011-04-05 DISCUSS ADVISORY: http://secunia.com/advisories/44016/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44016/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44016 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for php-doctrine-Doctrine. This fixes two vulnerabilities, which can be exploited by malicious people to conduct SQL injection attacks. For more information: SA43932 SOLUTION: Apply updated packages via the yum utility ("yum update php-doctrine-Doctrine"). ORIGINAL ADVISORY: FEDORA-2011-4098: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057507.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 4 18:10:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Apr 2011 03:10:28 +0200 Subject: [SEC] [SA43955] Red Hat update for logrotate Message-ID: <201104050110.p351ASNe005640@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Red Hat update for logrotate SECUNIA ADVISORY ID: SA43955 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43955/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43955 RELEASE DATE: 2011-04-05 DISCUSS ADVISORY: http://secunia.com/advisories/43955/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43955/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43955 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for logrotate. This fixes multiple security issues, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially gain escalated privileges. For more information: SA42559 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0407-01: https://rhn.redhat.com/errata/RHSA-2011-0407.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 4 18:24:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Apr 2011 03:24:35 +0200 Subject: [SEC] [SA43929] SUSE update for php5 Message-ID: <201104050124.p351OZau026428@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: SUSE update for php5 SECUNIA ADVISORY ID: SA43929 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43929/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43929 RELEASE DATE: 2011-04-05 DISCUSS ADVISORY: http://secunia.com/advisories/43929/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43929/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43929 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for php5. This fixes a weakness and some vulnerabilities, where one has unknown impacts and others can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service). For more information: SA41724 SA42843 SA43328 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0276-1: https://hermes.opensuse.org/messages/7796412 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 4 18:45:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Apr 2011 03:45:01 +0200 Subject: [SEC] [SA43972] DoceboLMS "clean_input_keys()" Cross-Site Scripting Vulnerability Message-ID: <201104050145.p351j1ZC015091@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: DoceboLMS "clean_input_keys()" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43972 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43972/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43972 RELEASE DATE: 2011-04-05 DISCUSS ADVISORY: http://secunia.com/advisories/43972/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43972/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43972 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gjoko Krstic has discovered a vulnerability in DoceboLMS, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain input passed to various PHP scripts (e.g. index.php) is not properly sanitised by the "clean_input_keys()" function in lib/lib.filterinput.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 4.0.4. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Gjoko Krstic, Zero Science Lab. ORIGINAL ADVISORY: ZSL-2011-5006: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5006.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 4 19:18:04 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Apr 2011 04:18:04 +0200 Subject: [SEC] [SA43945] SUSE update for evince Message-ID: <201104050218.p352I4kl005965@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: SUSE update for evince SECUNIA ADVISORY ID: SA43945 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43945/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43945 RELEASE DATE: 2011-04-05 DISCUSS ADVISORY: http://secunia.com/advisories/43945/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43945/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43945 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for evince. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA42769 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0282-1: https://hermes.opensuse.org/messages/7800272 SUSE-SU-2011:0284-1: https://hermes.opensuse.org/messages/7801167 openSUSE-SU-2011:0279-1: https://hermes.opensuse.org/messages/7797961 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 4 19:45:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Apr 2011 04:45:22 +0200 Subject: [SEC] [SA44003] spidaNews "id" SQL Injection Vulnerability Message-ID: <201104050245.p352jMIi027350@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: spidaNews "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA44003 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44003/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44003 RELEASE DATE: 2011-04-05 DISCUSS ADVISORY: http://secunia.com/advisories/44003/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44003/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44003 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in spidaNews, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to news.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerability is confirmed in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Easy Laster OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 4 20:10:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Apr 2011 05:10:39 +0200 Subject: [SEC] [SA43938] Debian update for tgt Message-ID: <201104050310.p353AdZv016242@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Debian update for tgt SECUNIA ADVISORY ID: SA43938 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43938/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43938 RELEASE DATE: 2011-04-05 DISCUSS ADVISORY: http://secunia.com/advisories/43938/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43938/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43938 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for tgt. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43713 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2209-1: http://lists.debian.org/debian-security-announce/2011/msg00078.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 4 20:25:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Apr 2011 05:25:17 +0200 Subject: [SEC] [SA43934] Debian update for tiff Message-ID: <201104050325.p353PHGX004631@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Debian update for tiff SECUNIA ADVISORY ID: SA43934 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43934/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43934 RELEASE DATE: 2011-04-05 DISCUSS ADVISORY: http://secunia.com/advisories/43934/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43934/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43934 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for tiff. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library. For more information: SA43582 SA43593 SOLUTION: Apply update packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2210-1: http://lists.debian.org/debian-security-announce/2011/msg00079.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 4 20:46:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Apr 2011 05:46:31 +0200 Subject: [SEC] [SA43921] Perl "uc()", "lc()", "lcfirst()", and "ucfirst()" Taint Mode Bypass Weakness Message-ID: <201104050346.p353kVmL025767@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Perl "uc()", "lc()", "lcfirst()", and "ucfirst()" Taint Mode Bypass Weakness SECUNIA ADVISORY ID: SA43921 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43921/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43921 RELEASE DATE: 2011-04-05 DISCUSS ADVISORY: http://secunia.com/advisories/43921/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43921/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43921 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in Perl, which can be exploited by malicious people to bypass certain security features. The weakness is caused due to the "uc()", "lc()", "lcfirst()", and "ucfist()" functions incorrectly laundering tainted data, which can result in the unintended use of potentially malicious data after using these functions. The weakness is reported in version 5.12.3. Other versions may also be affected. SOLUTION: Fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Mark Martinec ORIGINAL ADVISORY: Perl Bug #87336: http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 4 21:11:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Apr 2011 06:11:20 +0200 Subject: [SEC] [SA44017] Fedora update for loggerhead Message-ID: <201104050411.p354BKHK014642@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Fedora update for loggerhead SECUNIA ADVISORY ID: SA44017 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44017/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44017 RELEASE DATE: 2011-04-05 DISCUSS ADVISORY: http://secunia.com/advisories/44017/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44017/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44017 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for loggerhead. This fixes a vulnerability, which can be exploited by malicious users to conduct script insertion attacks. For more information: SA43822 SOLUTION: Apply updated packages via the yum utility ("yum update loggerhead"). ORIGINAL ADVISORY: FEDORA-2011-4107: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057502.html FEDORA-2011-4085: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057479.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 4 21:45:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Apr 2011 06:45:57 +0200 Subject: [SEC] [SA43977] Rash CMS "reciver" SQL Injection Vulnerability Message-ID: <201104050445.p354jvoo003939@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Rash CMS "reciver" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43977 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43977/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43977 RELEASE DATE: 2011-04-05 DISCUSS ADVISORY: http://secunia.com/advisories/43977/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43977/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43977 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Rash CMS, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "reciver" POST parameter to index.php (when "module" is set to "contact") is not properly sanitised in module/contact/contact-config.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in Rash CMS published on September 25th, 2010. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: keracker OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 4 22:11:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Apr 2011 07:11:03 +0200 Subject: [SEC] [SA43947] SUSE sap-es-tools Command Injection Vulnerability Message-ID: <201104050511.p355B3C2025246@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: SUSE sap-es-tools Command Injection Vulnerability SECUNIA ADVISORY ID: SA43947 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43947/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43947 RELEASE DATE: 2011-04-05 DISCUSS ADVISORY: http://secunia.com/advisories/43947/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43947/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43947 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has acknowledged a vulnerability in the sap-es-tools package for SUSE Linux Enterprise Server 10, which can be exploited by malicious people to compromise a vulnerable system. Certain unspecified input is not properly sanitised before being used within certain CGI scripts of the sap-es-tools package, which can be exploited to inject and execute arbitrary commands. SOLUTION: Apply updated packages using the zypper package manager. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: SUSE-SU-2011:0261-1: https://hermes.opensuse.org/messages/7783548 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 5 10:31:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Apr 2011 19:31:35 +0200 Subject: [SEC] [SA44027] SUSE update for krb5 and nbd Message-ID: <201104051731.p35HVZwj013908@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: SUSE update for krb5 and nbd SECUNIA ADVISORY ID: SA44027 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44027/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44027 RELEASE DATE: 2011-04-05 DISCUSS ADVISORY: http://secunia.com/advisories/44027/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44027/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44027 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for krb5 and nbd. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information: SA18135 SA43783 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SR:2011:005: http://www.novell.com/linux/security/advisories/2011_5_sr.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 5 11:32:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Apr 2011 20:32:09 +0200 Subject: [SEC] [SA43937] MyBB Multiple Vulnerabilities Message-ID: <201104051832.p35IW98a004360@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: MyBB Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43937 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43937/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43937 RELEASE DATE: 2011-04-05 DISCUSS ADVISORY: http://secunia.com/advisories/43937/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43937/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43937 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two weaknesses and two vulnerabilities have been reported in MyBB, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to enumerate usernames and conduct cross-site scripting attacks. 1) The script xmlhttp.php (when "action" is set to "username_availability" or "username_exists") returns different messages depending on the existence of the provided username. This can be exploited to enumerate valid usernames. 2) Input passed via the "value" parameter to xmlhttp.php (when "action" is set to "username_exists") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed via thread subjects is not properly sanitised before being displayed to the user when certain actions are performed. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation of this vulnerability requires HTML in posts to be enabled. The weaknesses and the vulnerabilities are reported in versions prior to 1.6.2. SOLUTION: Update to version 1.6.2. PROVIDED AND/OR DISCOVERED BY: 1, 2) MustLive 3) The vendor credits Max Roth. The vendor also credits MattRogowski. ORIGINAL ADVISORY: MyBB: http://blog.mybb.com/2011/02/22/mybb-1-6-2-and-1-4-15-security-update/ MustLive: http://websecurity.com.ua/4925/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 5 12:31:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Apr 2011 21:31:28 +0200 Subject: [SEC] [SA43976] GNU C Library "locale" Quoting Weakness Message-ID: <201104051931.p35JVSTd027205@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: GNU C Library "locale" Quoting Weakness SECUNIA ADVISORY ID: SA43976 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43976/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43976 RELEASE DATE: 2011-04-05 DISCUSS ADVISORY: http://secunia.com/advisories/43976/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43976/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43976 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in the GNU C Library, which potentially can be exploited by malicious, local users to gain escalated privileges. The weakness is caused due to the "locale" command not properly quoting its output, which can be exploited to gain escalated privileges by e.g. setting malicious locale environment variables and executing a script running with different privileges that evaluates the "locale" command output. The weakness is reported in versions prior to 2.13. SOLUTION: Update to version 2.13. PROVIDED AND/OR DISCOVERED BY: Harald van Dijk ORIGINAL ADVISORY: http://sourceware.org/bugzilla/show_bug.cgi?id=11904 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 5 13:31:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Apr 2011 22:31:29 +0200 Subject: [SEC] [SA43978] Slackware update for proftpd Message-ID: <201104052031.p35KVT9B017657@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Slackware update for proftpd SECUNIA ADVISORY ID: SA43978 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43978/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43978 RELEASE DATE: 2011-04-05 DISCUSS ADVISORY: http://secunia.com/advisories/43978/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43978/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43978 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Slackware has issued an update for proftpd. This fixes two vulnerabilities, which can be exploited by malicious people to manipulate certain data and cause a DoS (Denial of Service). For more information: SA43234 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SSA:2011-095-01: http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.485806 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 5 14:25:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Apr 2011 23:25:25 +0200 Subject: [SEC] [SA44024] WebCalendar Multiple Script Insertion Vulnerabilities Message-ID: <201104052125.p35LPP76007837@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: WebCalendar Multiple Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA44024 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44024/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44024 RELEASE DATE: 2011-04-05 DISCUSS ADVISORY: http://secunia.com/advisories/44024/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44024/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44024 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Matt Jezorek has discovered multiple vulnerabilities in WebCalendar, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "name", "description", and "location" parameters to edit_entry_handler.php is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerabilities are confirmed in version 1.2.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Matt Jezorek ORIGINAL ADVISORY: https://www.upsploit.com/index.php/advisories/view/UPS-2010-0004 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 5 14:46:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Apr 2011 23:46:48 +0200 Subject: [SEC] [SA44036] Xymon Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201104052146.p35LkmeO028959@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Xymon Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA44036 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44036/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44036 RELEASE DATE: 2011-04-05 DISCUSS ADVISORY: http://secunia.com/advisories/44036/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44036/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44036 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Xymon, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in version 4.3.0. Prior versions may also be affected. SOLUTION: Update to version 4.3.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits David Ferrest. ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/current/0027.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 5 15:11:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 6 Apr 2011 00:11:19 +0200 Subject: [SEC] [SA44032] HP Network Node Manager i Unspecified Information Disclosure Vulnerability Message-ID: <201104052211.p35MBJrU017822@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: HP Network Node Manager i Unspecified Information Disclosure Vulnerability SECUNIA ADVISORY ID: SA44032 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44032/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44032 RELEASE DATE: 2011-04-05 DISCUSS ADVISORY: http://secunia.com/advisories/44032/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44032/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44032 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP Network Node Manager i, which can be exploited by malicious users to disclose sensitive information. The vulnerability is caused due to an unspecified error and can be exploited to disclose certain sensitive information. No further information is currently available. The vulnerability is reported in version 9.0x running on HP-UX, Linux, Solaris, and Windows. SOLUTION: Apply hotfix QCCR1B87365. Please contact HP Services support channel for details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02652 SSRT100432: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02776387 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 5 15:46:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 6 Apr 2011 00:46:28 +0200 Subject: [SEC] [SA43953] Data Dynamics Reports Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201104052246.p35MkSvW007165@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Data Dynamics Reports Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA43953 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43953/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43953 RELEASE DATE: 2011-04-06 DISCUSS ADVISORY: http://secunia.com/advisories/43953/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43953/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43953 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Dionach has reported multiple vulnerabilities in Data Dynamics Reports, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "reportName" and "uniqueId" parameters in CoreHandler.ashx (when "dd:script" is set to "CoreViewerInit.js") and "uniqueId" and "traceLevel" parameters in CoreHandler.ashx (when "dd:script" is set to "CoreController.js") in the WebReportViewer control is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in versions prior to 1.6.2084.14. SOLUTION: Update to version 1.6.2084.14. PROVIDED AND/OR DISCOVERED BY: Dionach ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2011-03/0292.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 5 16:12:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 6 Apr 2011 01:12:15 +0200 Subject: [SEC] [SA44007] Joomla! FLEXIcontent Component Insecure Permissions and Command Injection Message-ID: <201104052312.p35NCFnn028486@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Joomla! FLEXIcontent Component Insecure Permissions and Command Injection SECUNIA ADVISORY ID: SA44007 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44007/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44007 RELEASE DATE: 2011-04-06 DISCUSS ADVISORY: http://secunia.com/advisories/44007/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44007/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44007 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and a vulnerability have been reported in the FLEXIcontent component for Joomla!, which can be exploited by malicious, local users to manipulate certain data and disclose sensitive information and by malicious people to compromise a vulnerable system. 1) The weakness is caused due to the component setting insecure permissions (777) for the "cache" directory. This can be exploited to e.g. modify, create, or delete files contained in this directory. 2) The vulnerability exists in the bundled version of phpThumb(). For more information: SA39556 The weakness and the vulnerability are reported in versions prior to 1.5. SOLUTION: Update to version 1.5. PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor. ORIGINAL ADVISORY: http://www.flexicontent.org/home/item/192-flexicontent-154-is-finally-out.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 5 16:46:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 6 Apr 2011 01:46:14 +0200 Subject: [SEC] [SA43973] Ubuntu update for tex-common Message-ID: <201104052346.p35NkEfw017767@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Ubuntu update for tex-common SECUNIA ADVISORY ID: SA43973 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43973/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43973 RELEASE DATE: 2011-04-06 DISCUSS ADVISORY: http://secunia.com/advisories/43973/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43973/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43973 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for tex-common. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA43816 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1103-1: http://www.ubuntu.com/usn/usn-1103-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 5 17:14:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 6 Apr 2011 02:14:05 +0200 Subject: [SEC] [SA43974] Ubuntu update for tiff Message-ID: <201104060014.p360E5Eb006781@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Ubuntu update for tiff SECUNIA ADVISORY ID: SA43974 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43974/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43974 RELEASE DATE: 2011-04-06 DISCUSS ADVISORY: http://secunia.com/advisories/43974/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43974/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43974 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for tiff. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library. For more information: SA43593 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1102-1: http://www.ubuntu.com/usn/usn-1102-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 5 17:47:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 6 Apr 2011 02:47:32 +0200 Subject: [SEC] [SA44034] Red Hat update for policycoreutils Message-ID: <201104060047.p360lWPa028445@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Red Hat update for policycoreutils SECUNIA ADVISORY ID: SA44034 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44034/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44034 RELEASE DATE: 2011-04-06 DISCUSS ADVISORY: http://secunia.com/advisories/44034/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44034/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44034 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for policycoreutils. This fixes a weakness, which can be exploited by malicious, local users to bypass certain security features. For more information: SA43415 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0414-1: https://rhn.redhat.com/errata/RHSA-2011-0414.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 5 18:11:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 6 Apr 2011 03:11:17 +0200 Subject: [SEC] [SA43971] Ubuntu update for ffmpeg Message-ID: <201104060111.p361BHtB017277@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Ubuntu update for ffmpeg SECUNIA ADVISORY ID: SA43971 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43971/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43971 RELEASE DATE: 2011-04-06 DISCUSS ADVISORY: http://secunia.com/advisories/43971/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43971/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43971 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for ffmpeg. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the library. For more information: SA43197 SA41626 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1104-1: http://www.ubuntu.com/usn/usn-1104-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 5 18:46:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 6 Apr 2011 03:46:24 +0200 Subject: [SEC] [SA44028] Joomla! Unspecified Information Disclosure Vulnerability Message-ID: <201104060146.p361kOOI006606@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Joomla! Unspecified Information Disclosure Vulnerability SECUNIA ADVISORY ID: SA44028 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44028/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44028 RELEASE DATE: 2011-04-06 DISCUSS ADVISORY: http://secunia.com/advisories/44028/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44028/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44028 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Joomla!, which can be exploited by malicious people to disclose sensitive information. The vulnerability is caused due to insufficient error checking and can be exploited to disclose certain sensitive information. The vulnerability is reported in versions prior to 1.5.23. SOLUTION: Update to version 1.5.23. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://developer.joomla.org/security/news/9-security/10-core-security/340-20110401-core-information-disclosure.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 5 19:21:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 6 Apr 2011 04:21:02 +0200 Subject: [SEC] [SA43975] Novell File Reporter Agent XML Parsing Buffer Overflow Message-ID: <201104060221.p362L26S028784@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Novell File Reporter Agent XML Parsing Buffer Overflow SECUNIA ADVISORY ID: SA43975 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43975/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43975 RELEASE DATE: 2011-04-06 DISCUSS ADVISORY: http://secunia.com/advisories/43975/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43975/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43975 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Novell File Reporter, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the File Reporter Agent (NFRAgent.exe) when handling contents of a certain XML tag. This can be exploited to cause a stack-based buffer overflow via specially crafted data sent to TCP port 3037. Successful exploitation may allow execution of arbitrary code with SYSTEM privileges. The vulnerability is reported in versions prior to 1.0.2. SOLUTION: Update to version 1.0.2. PROVIDED AND/OR DISCOVERED BY: Stephen Fewer, Harmony Security via ZDI ORIGINAL ADVISORY: Novell: http://download.novell.com/Download?buildid=rCAgCcbPH9s~ ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-116/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 5 19:45:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 6 Apr 2011 04:45:29 +0200 Subject: [SEC] [SA44021] Fedora update for gdm Message-ID: <201104060245.p362jTdx017627@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Fedora update for gdm SECUNIA ADVISORY ID: SA44021 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44021/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44021 RELEASE DATE: 2011-04-06 DISCUSS ADVISORY: http://secunia.com/advisories/44021/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44021/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44021 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for gdm. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA43854 SOLUTION: Apply updated packages via the yum utility ("yum update gdm"). ORIGINAL ADVISORY: FEDORA-2011-4335: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 6 10:31:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 6 Apr 2011 19:31:17 +0200 Subject: [SEC] [SA44000] TutorialMS "show" SQL Injection Vulnerability Message-ID: <201104061731.p36HVH1F012871@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: TutorialMS "show" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA44000 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44000/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44000 RELEASE DATE: 2011-04-06 DISCUSS ADVISORY: http://secunia.com/advisories/44000/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44000/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44000 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gjoko Krstic has discovered a vulnerability in TutorialMS, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "show" parameter to tutorials.php is not properly sanitised in includes/classes/tutorial.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.4. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Gjoko Krstic ORIGINAL ADVISORY: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5007.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 6 11:30:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 6 Apr 2011 20:30:37 +0200 Subject: [SEC] [SA44045] NetGear WNAP210 Backup Disclosure and Authentication Bypass Vulnerabilities Message-ID: <201104061830.p36IUbWN003281@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: NetGear WNAP210 Backup Disclosure and Authentication Bypass Vulnerabilities SECUNIA ADVISORY ID: SA44045 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44045/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44045 RELEASE DATE: 2011-04-06 DISCUSS ADVISORY: http://secunia.com/advisories/44045/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44045/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44045 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Netgear ProSafe Wireless-N Access Point WNAP210, which can be exploited by malicious people to disclose sensitive information and bypass certain security restrictions. 1) Access to the BackupConfig.php script is not properly restricted, which can be exploited to download the configuration backup and disclose the administrator's password. 2) Access to the recreate.php script is not properly restricted, which can be exploited to bypass the authentication mechanism and access the device's configuration web page. SOLUTION: Update to the latest firmware. Please contact the vendor for more details. PROVIDED AND/OR DISCOVERED BY: Trevor Seward via US-CERT. ORIGINAL ADVISORY: US-CERT VU#644812: http://www.kb.cert.org/vuls/id/644812 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 6 12:30:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 6 Apr 2011 21:30:15 +0200 Subject: [SEC] [SA43818] qooxdoo Cross-Site Scripting and File Disclosure Vulnerabilities Message-ID: <201104061930.p36JUFI6026137@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: qooxdoo Cross-Site Scripting and File Disclosure Vulnerabilities SECUNIA ADVISORY ID: SA43818 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43818/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43818 RELEASE DATE: 2011-04-06 DISCUSS ADVISORY: http://secunia.com/advisories/43818/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43818/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43818 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in qooxdoo, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information. 1) Input passed to the "callback" parameter in framework/source/resource/qx/test/jsonp_primitive.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "file" parameter in framework/source/resource/qx/test/part/delay.php is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks. The vulnerabilities are confirmed in version 1.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. PROVIDED AND/OR DISCOVERED BY: Originally reported by AutoSec Tools in eyeOS. ORIGINAL ADVISORY: http://www.autosectools.com/Advisories/eyeOS.2.3_Reflected.Cross-site.Scripting_172.html http://www.autosectools.com/Advisories/eyeOS.2.3_Local.File.Inclusion_173.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 6 13:30:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 6 Apr 2011 22:30:25 +0200 Subject: [SEC] [SA43979] Ubuntu update for linux Message-ID: <201104062030.p36KUPWd016612@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux SECUNIA ADVISORY ID: SA43979 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43979/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43979 RELEASE DATE: 2011-04-06 DISCUSS ADVISORY: http://secunia.com/advisories/43979/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43979/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43979 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially gain escalated privileges and by malicious people to cause a DoS. For more information: SA42035 SA42061 SA42094 SA42176 SA42187 SA42570 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1105-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-April/001298.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 6 14:24:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 6 Apr 2011 23:24:56 +0200 Subject: [SEC] [SA44013] yaws-wiki Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201104062124.p36LOuG2006827@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: yaws-wiki Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA44013 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44013/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44013 RELEASE DATE: 2011-04-06 DISCUSS ADVISORY: http://secunia.com/advisories/44013/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44013/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44013 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Michael Brooks has discovered multiple vulnerabilities in yaws-wiki, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "tag" parameter to editTag.yaws (when "node" is set to "ALockedPage"), the "index" parameter to showOldPage.yaws (when "node" is set to "home"), and the "node" parameter to allRefsToMe.yaws is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 1.88-1. Other versions may also be affected. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: Michael Brooks, Sitewat.ch. ORIGINAL ADVISORY: https://sitewat.ch/en/Advisory/4 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 6 14:45:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 6 Apr 2011 23:45:14 +0200 Subject: [SEC] [SA43997] eyeOS Cross-Site Scripting and File Disclosure Vulnerabilities Message-ID: <201104062145.p36LjEsh027898@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: eyeOS Cross-Site Scripting and File Disclosure Vulnerabilities SECUNIA ADVISORY ID: SA43997 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43997/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43997 RELEASE DATE: 2011-04-06 DISCUSS ADVISORY: http://secunia.com/advisories/43997/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43997/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43997 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: AutoSec Tools has discovered two vulnerabilities in eyeOS, which can be exploited by malicious users to conduct cross-site scripting attacks and disclose sensitive information. The application bundles a vulnerable version of qooxdoo. For more information: SA43818 The vulnerabilities are confirmed in version 2.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: http://www.autosectools.com/Advisories/eyeOS.2.3_Reflected.Cross-site.Scripting_172.html http://www.autosectools.com/Advisories/eyeOS.2.3_Local.File.Inclusion_173.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 6 15:10:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 7 Apr 2011 00:10:25 +0200 Subject: [SEC] [SA44040] X.Org xrdb Hostname Command Injection Security Issue Message-ID: <201104062210.p36MAPhR016794@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: X.Org xrdb Hostname Command Injection Security Issue SECUNIA ADVISORY ID: SA44040 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44040/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44040 RELEASE DATE: 2011-04-06 DISCUSS ADVISORY: http://secunia.com/advisories/44040/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44040/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44040 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in X.Org xrdb, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a vulnerable system. The security issue is caused due to the xrdb utility not properly escaping hostnames, which can be exploited to inject and execute arbitrary shell commands with the privileges of the user running the display manager (usually "root") via specially crafted hostnames. Successful exploitation requires that the attacker can login via XDMCP (discouraged in untrusted networks for security reasons) or set a malicious hostname via e.g. DHCP (requires physical access to the network or control over the DHCP server). SOLUTION: Update to xrdb version 1.0.9. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Sebastian Krahmer, SUSE security team. ORIGINAL ADVISORY: X.Org: http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 6 15:24:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 7 Apr 2011 00:24:27 +0200 Subject: [SEC] [SA43981] UseBB Cross-Site Request Forgery Vulnerability Message-ID: <201104062224.p36MORYu005177@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: UseBB Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA43981 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43981/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43981 RELEASE DATE: 2011-04-07 DISCUSS ADVISORY: http://secunia.com/advisories/43981/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43981/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43981 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in UseBB, which can be exploited by malicious people to conduct cross-site request forgery attacks. The vulnerability is caused due to the application allowing users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. manipulate administrator's profile data when a logged-in administrator visits a specially crafted web page. The vulnerability is confirmed in version 1.0.11. Other versions may also be affected. SOLUTION: Do not browse untrusted sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: High-Tech Bridge SA: http://www.htbridge.ch/advisory/multiple_csrf_cross_site_request_forgery_in_usebb.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 6 15:45:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 7 Apr 2011 00:45:38 +0200 Subject: [SEC] [SA44037] ISC DHCP "dhclient" Response Processing Input Sanitation Vulnerability Message-ID: <201104062245.p36Mjcd7026302@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: ISC DHCP "dhclient" Response Processing Input Sanitation Vulnerability SECUNIA ADVISORY ID: SA44037 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44037/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44037 RELEASE DATE: 2011-04-07 DISCUSS ADVISORY: http://secunia.com/advisories/44037/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44037/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44037 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in ISC DHCP, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to certain shell meta-characters not being stripped or escaped when processing responses from a DHCP server. This can be exploited to submit shell commands to the "dhclient-script" script via e.g. a specially crafted "hostname" response. The vulnerability is reported in versions 3.0.x through 4.2.x. SOLUTION: Update to version 3.1-ESV-R1 and 4.1-ESV-R2 or 4.2.1-P1. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Sebastian Krahmer and Marius Tomaschewski, SUSE Security Team. ORIGINAL ADVISORY: https://www.isc.org/software/dhcp/advisories/cve-2011-0997 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 6 16:11:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 7 Apr 2011 01:11:05 +0200 Subject: [SEC] [SA43989] Red Hat update for glibc Message-ID: <201104062311.p36NB502015213@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Red Hat update for glibc SECUNIA ADVISORY ID: SA43989 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43989/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43989 RELEASE DATE: 2011-04-07 DISCUSS ADVISORY: http://secunia.com/advisories/43989/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43989/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43989 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for glibc. This fixes two weaknesses and a vulnerability, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a vulnerable system. For more information: SA42215 SA43492 SA43976 Note: This update includes a fix for a regression introduced due to an earlier update not properly fixing CVE-2010-3847. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0413-01: https://rhn.redhat.com/errata/RHSA-2011-0413.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 6 16:47:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 7 Apr 2011 01:47:23 +0200 Subject: [SEC] [SA44047] Oracle Solaris Backout File Insecure Permissions Security Issue Message-ID: <201104062347.p36NlNKh004593@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Oracle Solaris Backout File Insecure Permissions Security Issue SECUNIA ADVISORY ID: SA44047 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44047/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44047 RELEASE DATE: 2011-04-07 DISCUSS ADVISORY: http://secunia.com/advisories/44047/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44047/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44047 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Solaris, which can be exploited by malicious, local users to disclose sensitive information. The security issue is caused due to the "undo.Z" backout file being stored with insecure permissions in /var/sadm/pkg//save// for certain packages. This can be exploited to extract the file, which may contain password hashes of the root and other users. SOLUTION: Apply patch 119254-80. Please contact the vendor for more information. PROVIDED AND/OR DISCOVERED BY: Michael Rutkowski, Duer Advanced Technology and Aerospace via US-CERT. ORIGINAL ADVISORY: US-CERT: http://www.kb.cert.org/vuls/id/648244 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 6 17:15:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 7 Apr 2011 02:15:35 +0200 Subject: [SEC] [SA44026] Ruby on Rails "auto_link" Vulnerability Message-ID: <201104070015.p370FZ75026041@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Ruby on Rails "auto_link" Vulnerability SECUNIA ADVISORY ID: SA44026 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44026/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44026 RELEASE DATE: 2011-04-07 DISCUSS ADVISORY: http://secunia.com/advisories/44026/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44026/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44026 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Ruby on Rails, which can be exploited by malicious people to conduct cross-site scripting or script insertion attacks. The vulnerability is caused due to the "auto_link" functionality incorrectly marking the output as safe. This can lead to certain input not being properly sanitised before being used or returned to the user, which can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions 3.0.x prior to 3.0.6. SOLUTION: Update to version 3.0.6 or apply patch. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Torben Schulz. ORIGINAL ADVISORY: http://weblog.rubyonrails.org/2011/4/6/rails-3-0-6-has-been-released http://groups.google.com/group/rubyonrails-security/browse_thread/thread/ea77a078b9fc4345 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 6 17:45:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 7 Apr 2011 02:45:33 +0200 Subject: [SEC] [SA43830] Red Hat update for glibc Message-ID: <201104070045.p370jXQ8015141@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Red Hat update for glibc SECUNIA ADVISORY ID: SA43830 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43830/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43830 RELEASE DATE: 2011-04-07 DISCUSS ADVISORY: http://secunia.com/advisories/43830/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43830/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43830 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for glibc. This fixes some weaknesses and a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges and by malicious people to compromise a vulnerable system. For more information: SA42215 SA43492 SA43976 1) The "addmntent()" function does not correctly handle newline characters. This can be exploited to e.g. cause a DoS or gain escalated privileges, but requires that an attacker can inject newline characters into a mount entry (e.g. via vulnerable mount helpers). Note: This update includes a fix for a regression introduced due to an earlier update not properly fixing CVE-2010-3847. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0412-1: https://rhn.redhat.com/errata/RHSA-2011-0412.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 7 10:31:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 7 Apr 2011 19:31:40 +0200 Subject: [SEC] [SA43933] SUSE update for dbus-1-glib Message-ID: <201104071731.p37HVels010513@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: SUSE update for dbus-1-glib SECUNIA ADVISORY ID: SA43933 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43933/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43933 RELEASE DATE: 2011-04-07 DISCUSS ADVISORY: http://secunia.com/advisories/43933/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43933/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43933 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for dbus-1-glib. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security features. For more information: SA40908 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0300-1: https://hermes.opensuse.org/messages/7847044 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 7 11:32:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 7 Apr 2011 20:32:46 +0200 Subject: [SEC] [SA44053] rsyslog Memory Leak Denial of Service Weaknesses Message-ID: <201104071832.p37IWkiR000953@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: rsyslog Memory Leak Denial of Service Weaknesses SECUNIA ADVISORY ID: SA44053 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44053/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44053 RELEASE DATE: 2011-04-07 DISCUSS ADVISORY: http://secunia.com/advisories/44053/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44053/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44053 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some weaknesses have been reported in rsyslog, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) A memory leak error related to multiple rulesets when processing messages that belong to more than one ruleset can be exploited to cause a DoS by e.g. exhausting all available memory. 2) A memory leak error related to the non-firehose processing mode can be exploited to cause a DoS by e.g. exhausting all available memory. The weaknesses are reported in versions prior to 5.6.4. SOLUTION: Update to version 5.6.4 or later. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor 2) Chris Good ORIGINAL ADVISORY: http://www.rsyslog.com/changelog-for-5-6-4-v5-stable/ http://bugzilla.adiscon.com/show_bug.cgi?id=218 http://bugzilla.adiscon.com/show_bug.cgi?id=225 http://bugzilla.adiscon.com/show_bug.cgi?id=226 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 7 12:31:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 7 Apr 2011 21:31:41 +0200 Subject: [SEC] [SA44054] libmodplug "CSoundFile::ReadS3M()" Buffer Overflow Vulnerability Message-ID: <201104071931.p37JVfWj023823@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: libmodplug "CSoundFile::ReadS3M()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA44054 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44054/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44054 RELEASE DATE: 2011-04-07 DISCUSS ADVISORY: http://secunia.com/advisories/44054/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44054/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44054 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: M. Lucinskij and P. Tumenas have discovered a vulnerability in libmodplug, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to a boundary error within the "CSoundFile::ReadS3M()" function in src/load_s3m.cpp, which can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted S3M file. The vulnerability is confirmed in version 0.8.8.1. Prior versions may also be affected. SOLUTION: Update to version 0.8.8.2. PROVIDED AND/OR DISCOVERED BY: M. Lucinskij and P. Tumenas, SEC Consult Vulnerability Lab ORIGINAL ADVISORY: SEC Consult: https://www.sec-consult.com/files/20110407-0_libmodplug_stackoverflow.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 7 13:31:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 7 Apr 2011 22:31:30 +0200 Subject: [SEC] [SA44008] SUSE update for freetype2 Message-ID: <201104072031.p37KVUai014286@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: SUSE update for freetype2 SECUNIA ADVISORY ID: SA44008 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44008/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44008 RELEASE DATE: 2011-04-07 DISCUSS ADVISORY: http://secunia.com/advisories/44008/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44008/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44008 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for freetype2. This fixes some vulnerabilities, which can be exploited to cause a DoS (Denial of Service) or potentially compromise an application using the library. For more information: SA41738 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0308-1: https://hermes.opensuse.org/messages/7850332 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 7 14:25:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 7 Apr 2011 23:25:29 +0200 Subject: [SEC] [SA44020] Red Hat update for postfix Message-ID: <201104072125.p37LPTNi004453@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Red Hat update for postfix SECUNIA ADVISORY ID: SA44020 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44020/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44020 RELEASE DATE: 2011-04-07 DISCUSS ADVISORY: http://secunia.com/advisories/44020/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44020/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44020 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for postfix. This fixes a security issues and a vulnerability, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to manipulate certain data. For more information: SA31485 SA43646 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0422-1: http://rhn.redhat.com/errata/RHSA-2011-0422.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 7 14:46:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 7 Apr 2011 23:46:56 +0200 Subject: [SEC] [SA44046] Drupal Node Quick Find Module Information Disclosure Weakness Message-ID: <201104072146.p37LkuSm025589@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Drupal Node Quick Find Module Information Disclosure Weakness SECUNIA ADVISORY ID: SA44046 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44046/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44046 RELEASE DATE: 2011-04-07 DISCUSS ADVISORY: http://secunia.com/advisories/44046/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44046/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44046 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in the Node Quick Find module for Drupal, which can be exploited by malicious people to disclose potentially sensitive information. The weakness is caused due to the module not checking access permissions before automatically completing search input. This can be exploited to disclose node titles of restricted nodes. The weakness is reported in version 6.x-1.1. Prior versions may also be affected. SOLUTION: Update to version 6.x-1.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits Jochen Meyer. ORIGINAL ADVISORY: SA-CONTRIB-2011-016: http://drupal.org/node/1118408 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 7 15:11:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 8 Apr 2011 00:11:30 +0200 Subject: [SEC] [SA44042] Anfibia Reactor "email" Cross-Site scripting Vulnerability Message-ID: <201104072211.p37MBUOn014474@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Anfibia Reactor "email" Cross-Site scripting Vulnerability SECUNIA ADVISORY ID: SA44042 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44042/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44042 RELEASE DATE: 2011-04-07 DISCUSS ADVISORY: http://secunia.com/advisories/44042/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44042/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44042 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gjoko Krstic has discovered a vulnerability in Anfibia Reactor, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "email" POST parameter to reactor/login.do is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 2.1.1.12. Prior versions may also be affected. SOLUTION: Upgrade to version 3.0. PROVIDED AND/OR DISCOVERED BY: Gjoko Krstic, Zero Science Lab. ORIGINAL ADVISORY: Anfibia: http://www.anfibia-soft.com/products/reactor/help/Introduction/The%20New%20Anfibia%20reactor.htm Zero Science Lab: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5008.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 7 15:46:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 8 Apr 2011 00:46:41 +0200 Subject: [SEC] [SA44050] RoundCube Webmail Arbitrary Mail Relay Vulnerability Message-ID: <201104072246.p37MkfLq003804@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: RoundCube Webmail Arbitrary Mail Relay Vulnerability SECUNIA ADVISORY ID: SA44050 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44050/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44050 RELEASE DATE: 2011-04-08 DISCUSS ADVISORY: http://secunia.com/advisories/44050/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44050/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44050 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in RoundCube Webmail, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due an error within program/steps/utils/modcss.inc when verifying relay requests. This can be exploited to use an affected system as mail relay via specially crafted requests. The vulnerability is reported in versions prior to 0.5.1. SOLUTION: Updated to version 0.5.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://trac.roundcube.net/wiki/Changelog http://trac.roundcube.net/changeset/4488 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 7 16:14:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 8 Apr 2011 01:14:58 +0200 Subject: [SEC] [SA44009] Debian update for vlc Message-ID: <201104072314.p37NEwqf025251@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Debian update for vlc SECUNIA ADVISORY ID: SA44009 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44009/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44009 RELEASE DATE: 2011-04-08 DISCUSS ADVISORY: http://secunia.com/advisories/44009/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44009/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44009 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for vlc. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA43826 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2211-1: http://www.debian.org/security/2011/dsa-2211 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 7 16:49:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 8 Apr 2011 01:49:49 +0200 Subject: [SEC] [SA44057] Fedora update for php Message-ID: <201104072349.p37Nnnx7014577@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Fedora update for php SECUNIA ADVISORY ID: SA44057 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44057/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44057 RELEASE DATE: 2011-04-08 DISCUSS ADVISORY: http://secunia.com/advisories/44057/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44057/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44057 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA43328 SOLUTION: Apply updated packages via the yum utility ("yum update php php-eaccelerator maniadrive"). ORIGINAL ADVISORY: FEDORA-2011-3636: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057707.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057708.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html FEDORA-2011-3666: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057711.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057712.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 7 17:14:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 8 Apr 2011 02:14:15 +0200 Subject: [SEC] [SA44023] SUSE update for telepathy-gabble Message-ID: <201104080014.p380EFXM003425@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: SUSE update for telepathy-gabble SECUNIA ADVISORY ID: SA44023 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44023/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44023 RELEASE DATE: 2011-04-08 DISCUSS ADVISORY: http://secunia.com/advisories/44023/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44023/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44023 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for telepathy-gabble. This fixes a vulnerability, which can be exploited by malicious people to conduct hijacking attacks. For more information: SA43369 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0303-1: https://hermes.opensuse.org/messages/7848248 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 7 17:46:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 8 Apr 2011 02:46:36 +0200 Subject: [SEC] [SA43999] Redmine Cross-Site Scripting Vulnerability Message-ID: <201104080046.p380kaY9025059@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Redmine Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43999 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43999/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43999 RELEASE DATE: 2011-04-08 DISCUSS ADVISORY: http://secunia.com/advisories/43999/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43999/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43999 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Mesut Timur has discovered a vulnerability in Redmine, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the URL is not properly sanitised in app/views/layouts/base.rhtml before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.1.1. Prior versions may also be affected. SOLUTION: Update to version 1.1.2. PROVIDED AND/OR DISCOVERED BY: Mesut Timur, Mavituna Security. ORIGINAL ADVISORY: Redmine: http://www.redmine.org/news/53 Mavituna Security (NS-11-004): http://www.mavitunasecurity.com/XSS-vulnerability-in-Redmine/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 7 18:12:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 8 Apr 2011 03:12:11 +0200 Subject: [SEC] [SA44002] Moonlight Multiple Vulnerabilities Message-ID: <201104080112.p381CBDT013981@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Moonlight Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44002 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44002/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44002 RELEASE DATE: 2011-04-08 DISCUSS ADVISORY: http://secunia.com/advisories/44002/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44002/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44002 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Moonlight, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security features, and potentially compromise a user's system. 1) The "RuntimeHelpers.InitializeArray" implementation does not properly restrict the modification of read-only values, which can be exploited to e.g. crash plugins or corrupt the state of the security manager and bypass the Moonlight's sandboxing limitations. 2) A race condition within the implementation of the Array.Copy "FastCopy" call can be exploited to e.g. crash plugins or corrupt the state of the security manager and bypass the Moonlight's sandboxing limitations by modifying read-only values. 3) An error within Moonlight's "DynamicMethod resurrection" implementation can be exploited to trigger a use-after-free condition. 4) An error when freeing unmanaged MonoThread instances can be exploited to e.g. disclose potentially sensitive information. The vulnerabilities are reported in Moonlight 2.x prior to version 2.4.1. SOLUTION: Update to Moonlight 2.4.1. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Jeroen Frijters. ORIGINAL ADVISORY: http://www.mono-project.com/Vulnerabilities#Moonlight_RuntimeHelpers.InitializeArray_on_non-primitive_value_types http://www.mono-project.com/Vulnerabilities#Moonlight_Race_in_Array.Copy_.22FastCopy.22_Internal_Call http://www.mono-project.com/Vulnerabilities#Moonlight_DynamicMethod_Resurrection http://www.mono-project.com/Vulnerabilities#Moonlight_Improper_Thread_Finalization OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 7 18:46:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 8 Apr 2011 03:46:40 +0200 Subject: [SEC] [SA44010] Ubuntu update for x11-xserver-utils Message-ID: <201104080146.p381keww003284@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Ubuntu update for x11-xserver-utils SECUNIA ADVISORY ID: SA44010 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44010/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44010 RELEASE DATE: 2011-04-08 DISCUSS ADVISORY: http://secunia.com/advisories/44010/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44010/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44010 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for x11-xserver-utils. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a vulnerable system. For more information: SA44040 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1107-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-April/001300.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 7 19:17:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 8 Apr 2011 04:17:05 +0200 Subject: [SEC] [SA44038] WordPress Cross-Site Scripting and Denial of Service Vulnerabilities Message-ID: <201104080217.p382H5Ve025306@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: WordPress Cross-Site Scripting and Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA44038 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44038/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44038 RELEASE DATE: 2011-04-08 DISCUSS ADVISORY: http://secunia.com/advisories/44038/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44038/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44038 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service). 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The "make_clickable()" function in wp-includes/formatting.php does not properly check the URL length in comments before passing it to the PCRE library, which can be exploited to cause a crash. The vulnerabilities are reported in versions prior to 3.1.1. SOLUTION: Update to version 3.1.1. PROVIDED AND/OR DISCOVERED BY: The vendor credits Jon Cave and Peter Westwood. ORIGINAL ADVISORY: WordPress: http://wordpress.org/news/2011/04/wordpress-3-1-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 7 19:46:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 8 Apr 2011 04:46:02 +0200 Subject: [SEC] [SA44048] Slackware update for dhcp Message-ID: <201104080246.p382k2RT014359@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Slackware update for dhcp SECUNIA ADVISORY ID: SA44048 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44048/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44048 RELEASE DATE: 2011-04-08 DISCUSS ADVISORY: http://secunia.com/advisories/44048/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44048/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44048 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Slackware has issued an update for dhcp. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA44037 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SSA:2011-097-01: http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593345 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 7 20:11:16 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 8 Apr 2011 05:11:16 +0200 Subject: [SEC] [SA44019] Debian update for vlc Message-ID: <201104080311.p383BGuh003249@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Debian update for vlc SECUNIA ADVISORY ID: SA44019 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44019/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44019 RELEASE DATE: 2011-04-08 DISCUSS ADVISORY: http://secunia.com/advisories/44019/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44019/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44019 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for vlc. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA39558 SA42773 SA43131 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2211-1: http://www.debian.org/security/2011/dsa-2211 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 7 20:46:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 8 Apr 2011 05:46:31 +0200 Subject: [SEC] [SA44018] SUSE update for wireshark Message-ID: <201104080346.p383kVZf025010@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: SUSE update for wireshark SECUNIA ADVISORY ID: SA44018 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44018/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44018 RELEASE DATE: 2011-04-08 DISCUSS ADVISORY: http://secunia.com/advisories/44018/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44018/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44018 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA39661 SA40112 SA40783 SA41535 SA42290 SA42767 SA43554 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0310-1: https://hermes.opensuse.org/messages/7850661 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 7 21:11:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 8 Apr 2011 06:11:42 +0200 Subject: [SEC] [SA44064] VLC Media Player libmodplug Buffer Overflow Vulnerability Message-ID: <201104080411.p384Bgmh013917@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: VLC Media Player libmodplug Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA44064 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44064/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44064 RELEASE DATE: 2011-04-08 DISCUSS ADVISORY: http://secunia.com/advisories/44064/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44064/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44064 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in VLC Media Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application using a vulnerable version of the libmodplug library. For more information: SA44054 Note: This may only affect the precompiled versions. The vulnerability is confirmed in version 1.1.8 for Windows and Mac OS X. Other versions may also be affected. SOLUTION: Do not open untrusted *.S3M files. PROVIDED AND/OR DISCOVERED BY: M. Lucinskij and P. Tumenas, SEC Consult Vulnerability Lab ORIGINAL ADVISORY: SEC Consult: https://www.sec-consult.com/files/20110407-0_libmodplug_stackoverflow.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 7 21:48:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 8 Apr 2011 06:48:58 +0200 Subject: [SEC] [SA44035] GreenPants Multiple SQL Injection Vulnerabilities Message-ID: <201104080448.p384mw1r003327@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: GreenPants Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA44035 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44035/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44035 RELEASE DATE: 2011-04-08 DISCUSS ADVISORY: http://secunia.com/advisories/44035/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44035/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44035 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in GreenPants, which can be exploited by malicious people to conduct SQL injection attacks. 1) Input passed via the "id" parameter to index.php is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed via the "s" parameter to index.php is not properly sanitised in pages/searcher.php before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 3) Input passed via the "i" parameter to admin/index.php (when "do" is set to "editcat" or "editemot") is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in 0.1.7. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Gianni Gnesa, Ptrace Security. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 7 22:11:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 8 Apr 2011 07:11:18 +0200 Subject: [SEC] [SA44039] SUSE pure-ftpd Privilege Escalation Vulnerability Message-ID: <201104080511.p385BIKw024508@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: SUSE pure-ftpd Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA44039 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44039/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44039 RELEASE DATE: 2011-04-08 DISCUSS ADVISORY: http://secunia.com/advisories/44039/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44039/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44039 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has acknowledged a vulnerability in the pure-ftpd package for SUSE Linux Enterprise Server, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an error related to a world-writable folder created by the "OES pure-ftpd Netware extensions", which can be exploited to manipulate system files and gain escalated privileges. Further information is currently not available. SOLUTION: Apply updated packages via the zypper package manager. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: SUSE-SU-2011:0306-1: https://hermes.opensuse.org/messages/7849430 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 8 10:31:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 8 Apr 2011 19:31:39 +0200 Subject: [SEC] [SA44080] Microsoft Windows "afd.sys" 120CFh IOCTL Handling Vulnerability Message-ID: <201104081731.p38HVd2I013171@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Microsoft Windows "afd.sys" 120CFh IOCTL Handling Vulnerability SECUNIA ADVISORY ID: SA44080 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44080/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44080 RELEASE DATE: 2011-04-08 DISCUSS ADVISORY: http://secunia.com/advisories/44080/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44080/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44080 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the afd.sys driver when processing IOCTLs and can be exploited to access invalid memory and cause a crash via a specially crafted 0x000120CF IOCTL. The vulnerability is confirmed on a fully patched Windows XP SP3 (afd.sys version 5.1.2600.5657). Other versions may also be affected. SOLUTION: Restrict access to trusted users. PROVIDED AND/OR DISCOVERED BY: Lufeng Li ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/17133/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 8 11:32:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 8 Apr 2011 20:32:05 +0200 Subject: [SEC] [SA44041] phplist Cross-Site Request Forgery Vulnerability Message-ID: <201104081832.p38IW5Z4003638@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: phplist Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA44041 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44041/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44041 RELEASE DATE: 2011-04-08 DISCUSS ADVISORY: http://secunia.com/advisories/44041/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44041/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44041 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Hanno Boeck has discovered a vulnerability in phplist, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application's web interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. add an arbitrary list and conduct script insertion attacks by tricking a logged-in administrator into visiting a malicious web site. The vulnerability is confirmed in version 2.10.13. Other versions may also be affected. SOLUTION: The vendor has issued a fix for the vulnerability, however, the fix is insufficient and only fixes adding or editing administrators. Do not browse untrusted sites or follow untrusted links while being logged in to the application. PROVIDED AND/OR DISCOVERED BY: Hanno Boeck ORIGINAL ADVISORY: phpList: http://www.phplist.com/?lid=516 Hanno Boeck: http://int21.de/cve/CVE-2011-0748-phplist.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 8 12:31:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 8 Apr 2011 21:31:22 +0200 Subject: [SEC] [SA44076] SUSE update for moonlight Message-ID: <201104081931.p38JVMkE026472@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: SUSE update for moonlight SECUNIA ADVISORY ID: SA44076 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44076/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44076 RELEASE DATE: 2011-04-08 DISCUSS ADVISORY: http://secunia.com/advisories/44076/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44076/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44076 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for moonlight. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security features, and potentially compromise a user's system. For more information: SA44002 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: openSUSE-SU-2011:0313-1: https://hermes.opensuse.org/messages/7870584 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 8 13:31:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 8 Apr 2011 22:31:36 +0200 Subject: [SEC] [SA44060] Red Hat update for spice-xpi Message-ID: <201104082031.p38KVabw016947@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Red Hat update for spice-xpi SECUNIA ADVISORY ID: SA44060 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44060/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44060 RELEASE DATE: 2011-04-08 DISCUSS ADVISORY: http://secunia.com/advisories/44060/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44060/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44060 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for spice-xpi. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to the use of an uninitialised pointer in the SPICE Firefox plugin, which can be exploited by e.g. tricking a user into visiting a malicious website. Successful exploitation may allow the execution of arbitrary code. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: RHSA-2011:0427-01: https://rhn.redhat.com/errata/RHSA-2011-0427.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 8 14:25:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 8 Apr 2011 23:25:17 +0200 Subject: [SEC] [SA44088] Fedora update for rsync Message-ID: <201104082125.p38LPHv5007117@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Fedora update for rsync SECUNIA ADVISORY ID: SA44088 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44088/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44088 RELEASE DATE: 2011-04-08 DISCUSS ADVISORY: http://secunia.com/advisories/44088/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44088/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44088 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for rsync. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system. For more information: SA44071 SOLUTION: Apply updated packages via the yum utility ("yum update rsync"). ORIGINAL ADVISORY: FEDORA-2011-4413: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057737.html FEDORA-2011-4427: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057736.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 8 14:46:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 8 Apr 2011 23:46:26 +0200 Subject: [SEC] [SA44069] SUSE update for libvirt Message-ID: <201104082146.p38LkQkZ028228@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: SUSE update for libvirt SECUNIA ADVISORY ID: SA44069 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44069/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44069 RELEASE DATE: 2011-04-08 DISCUSS ADVISORY: http://secunia.com/advisories/44069/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44069/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44069 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for libvirt. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA43670 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: LWN.net openSUSE-SU-2011:0311-1: https://lwn.net/Articles/437411/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 8 15:11:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 9 Apr 2011 00:11:06 +0200 Subject: [SEC] [SA44086] Red Hat update for kernel Message-ID: <201104082211.p38MB6wQ017106@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Red Hat update for kernel SECUNIA ADVISORY ID: SA44086 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44086/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44086 RELEASE DATE: 2011-04-08 DISCUSS ADVISORY: http://secunia.com/advisories/44086/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44086/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44086 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for the kernel. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, bypass certain security restrictions, and potentially gain escalated privileges and by malicious, local users and malicious people to cause a DoS (Denial of Service). For more information: SA41440 SA42035 SA42570 SA42964 SA43009 SA43594 SA43693 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0421-01: https://rhn.redhat.com/errata/RHSA-2011-0421.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 8 15:46:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 9 Apr 2011 00:46:56 +0200 Subject: [SEC] [SA44073] phpCollab Cross-Site Request Forgery and Script Insertion Vulnerabilities Message-ID: <201104082246.p38Mku2i006486@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: phpCollab Cross-Site Request Forgery and Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA44073 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44073/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44073 RELEASE DATE: 2011-04-09 DISCUSS ADVISORY: http://secunia.com/advisories/44073/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44073/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44073 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered some vulnerabilities in phpCollab, which can be exploited by malicious users to conduct cross-site request forgery and script insertion attacks. 1) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the administrator's password by tricking a logged in administrator into visiting a malicious web site. 2) Input passed via the "url" POST parameter to clients/editclient.php when adding or editing a client is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 3) Input passed via the "links" POST parameter to newsdesk/editnews.php when editing a news article is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation of this vulnerability requires the "Project Manager Permissions" privileges. The vulnerabilities are confirmed in version 2.5. Other versions may also be affected. SOLUTION: Do not browse untrusted sites or follow untrusted links while being logged-in to the application. Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22916: http://www.htbridge.ch/advisory/xsrf_csrf_in_phpcollab.html HTB22917: http://www.htbridge.ch/advisory/xss_vulnerabilities_in_phpcollab.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 8 16:11:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 9 Apr 2011 01:11:42 +0200 Subject: [SEC] [SA44025] SUSE update for dhcpcd Message-ID: <201104082311.p38NBg2Q027771@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: SUSE update for dhcpcd SECUNIA ADVISORY ID: SA44025 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44025/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44025 RELEASE DATE: 2011-04-09 DISCUSS ADVISORY: http://secunia.com/advisories/44025/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44025/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44025 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for dhcpcd. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA44070 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0301-1: https://hermes.opensuse.org/messages/7847052 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 8 16:46:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 9 Apr 2011 01:46:08 +0200 Subject: [SEC] [SA44011] SUSE update for dhcp Message-ID: <201104082346.p38Nk80Z017078@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: SUSE update for dhcp SECUNIA ADVISORY ID: SA44011 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44011/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44011 RELEASE DATE: 2011-04-09 DISCUSS ADVISORY: http://secunia.com/advisories/44011/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44011/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44011 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for dhcp. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA44037 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0305-1: https://hermes.opensuse.org/messages/7849431 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 8 17:14:04 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 9 Apr 2011 02:14:04 +0200 Subject: [SEC] [SA44012] SUSE update for xorg-x11 Message-ID: <201104090014.p390E4Qn006103@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: SUSE update for xorg-x11 SECUNIA ADVISORY ID: SA44012 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44012/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44012 RELEASE DATE: 2011-04-09 DISCUSS ADVISORY: http://secunia.com/advisories/44012/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44012/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44012 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for xorg-x11. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a vulnerable system. For more information: SA44040 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: LWN.net openSUSE-SU-2011:0298-1: https://lwn.net/Articles/437150/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 8 17:46:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 9 Apr 2011 02:46:05 +0200 Subject: [SEC] [SA44068] SUSE update for mailman Message-ID: <201104090046.p390k54d027712@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: SUSE update for mailman SECUNIA ADVISORY ID: SA44068 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44068/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44068 RELEASE DATE: 2011-04-09 DISCUSS ADVISORY: http://secunia.com/advisories/44068/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44068/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44068 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for mailman. This fixes some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks. For more information: SA41265 SA43389 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0312-1: https://hermes.opensuse.org/messages/7856168 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 8 18:11:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 9 Apr 2011 03:11:09 +0200 Subject: [SEC] [SA44058] Cyber-Ark PIM Suite Password Vault Web Access Cross-Site Scripting Vulnerability Message-ID: <201104090111.p391B9fM016596@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Cyber-Ark PIM Suite Password Vault Web Access Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA44058 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44058/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44058 RELEASE DATE: 2011-04-09 DISCUSS ADVISORY: http://secunia.com/advisories/44058/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44058/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44058 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cyber-Ark PIM Suite, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input passed to Password Vault Web Access is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in the following versions: * Password Vault Web Access version 6.0 patch #2 and prior. * Password Vault Web Access version 5.5 patch #4 and prior. * Password Vault Web Access version 5.0 and prior. SOLUTION: Update or upgrade to Password Vault Web Access version 6.0 patch #3 and version 5.5 patch #5. Please contact the vendor for more information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: JVN: http://jvn.jp/en/jp/JVN11424086/index.html http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000023.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 8 18:46:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 9 Apr 2011 03:46:07 +0200 Subject: [SEC] [SA44066] eXtplorer Cross-Site Request Forgery Vulnerability Message-ID: <201104090146.p391k7MO005937@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: eXtplorer Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA44066 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44066/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44066 RELEASE DATE: 2011-04-09 DISCUSS ADVISORY: http://secunia.com/advisories/44066/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44066/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44066 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered a vulnerability in eXtplorer, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. create an administrative user by tricking an administrator into visiting a malicious web site while being logged-in to the application. The vulnerability is confirmed in version 2.0.1. Other versions may also be affected. SOLUTION: Do not browse untrusted sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: John Leitch, AutoSec Tools. ORIGINAL ADVISORY: AutoSec Tools: http://www.autosectools.com/Advisories/eXtplorer.2.1.RC3_Cross-site.Request.Forgery_174.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 8 19:18:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 9 Apr 2011 04:18:11 +0200 Subject: [SEC] [SA44070] dhcpcd Response Processing Input Sanitation Vulnerability Message-ID: <201104090218.p392IBQ5027997@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: dhcpcd Response Processing Input Sanitation Vulnerability SECUNIA ADVISORY ID: SA44070 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44070/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44070 RELEASE DATE: 2011-04-09 DISCUSS ADVISORY: http://secunia.com/advisories/44070/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44070/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44070 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in dhcpcd, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to certain shell meta-characters not being stripped or escaped when processing responses from a DHCP server. This can be exploited to inject and execute arbitrary shell commands via e.g. a specially crafted "hostname" response. The vulnerability is reported in versions prior to 5.2.12. SOLUTION: Update to version 5.2.12. PROVIDED AND/OR DISCOVERED BY: SUSE ORIGINAL ADVISORY: dhcpcd: http://roy.marples.name/archives/dhcpcd-discuss/2011/0326.html SUSE Bug #675052: https://bugzilla.novell.com/show_bug.cgi?id=675052 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 8 19:46:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 9 Apr 2011 04:46:12 +0200 Subject: [SEC] [SA44071] rsync Incremental Recursion Memory Corruption Vulnerability Message-ID: <201104090246.p392kCET017020@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: rsync Incremental Recursion Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA44071 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44071/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44071 RELEASE DATE: 2011-04-09 DISCUSS ADVISORY: http://secunia.com/advisories/44071/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44071/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44071 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in rsync, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system. The vulnerability is caused due to an error within the incremental recursion feature, which can be exploited to cause a memory corruption by tricking a user into syncing from a malicious server. Successful exploitation requires that the "--recursive", "--delete", and "--hard-links" options are on and the "--owner" option is off. SOLUTION: Update to version 3.0.8. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Wayne Davison and Matt McCutchen ORIGINAL ADVISORY: rsync: http://rsync.samba.org/ftp/rsync/src/rsync-3.0.8-NEWS https://bugzilla.samba.org/show_bug.cgi?id=7936 Red Hat Bug #675036: https://bugzilla.redhat.com/show_bug.cgi?id=675036 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 8 20:11:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 9 Apr 2011 05:11:09 +0200 Subject: [SEC] [SA44056] Maia Mailguard Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201104090311.p393B94s005909@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Maia Mailguard Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA44056 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44056/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44056 RELEASE DATE: 2011-04-09 DISCUSS ADVISORY: http://secunia.com/advisories/44056/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44056/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44056 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Maia Mailguard, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed via the "charset" parameter to xlogin.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "new_mail" parameter to xadminusers.php and the "newaddr" parameter to wblist.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in versions prior to 1.0.2b. SOLUTION: Update to version 1.0.2b. PROVIDED AND/OR DISCOVERED BY: 1) Mario Lopez Jimenez, Buguroo Offensive Security. 2) Reported by the vendor. ORIGINAL ADVISORY: Maia Mailguard: http://www.maiamailguard.com/maia/blog/1.0.2b-released http://www.maiamailguard.com/maia/ticket/557 Buguroo Offensive Security: http://buguroo.com/adv/Buguroo_ADV_2011-001.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 8 20:46:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 9 Apr 2011 05:46:05 +0200 Subject: [SEC] [SA43948] tinyproxy Netmask Generation ACL Bypass Security Issue Message-ID: <201104090346.p393k5rK027635@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: tinyproxy Netmask Generation ACL Bypass Security Issue SECUNIA ADVISORY ID: SA43948 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43948/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43948 RELEASE DATE: 2011-04-09 DISCUSS ADVISORY: http://secunia.com/advisories/43948/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43948/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43948 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in tinyproxy, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to an error within the netmask generation, which can be exploited to bypass ACL restrictions if the configuration contains an "Allow" statement using IP ranges. The security issue is reported in version 1.8.2. Other versions may also be affected. SOLUTION: Fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: PhobosK ORIGINAL ADVISORY: https://banu.com/bugzilla/show_bug.cgi?id=90 https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 8 21:11:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 9 Apr 2011 06:11:42 +0200 Subject: [SEC] [SA44067] eGroupware "lang" Cross-Site Scripting Vulnerability Message-ID: <201104090411.p394Bg5f016561@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: eGroupware "lang" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA44067 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44067/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44067 RELEASE DATE: 2011-04-09 DISCUSS ADVISORY: http://secunia.com/advisories/44067/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44067/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44067 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered a vulnerability in eGroupware, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "lang" parameter to phpgwapi/js/jscalendar/test.php is not properly sanitised in phpqwapi/js/jscalendar/calendar.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.8.001. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: John Leitch, AutoSec Tools. ORIGINAL ADVISORY: http://www.autosectools.com/Advisories/eGroupware.1.8.001_Reflected.Cross-site.Scripting_178.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 8 21:46:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 9 Apr 2011 06:46:21 +0200 Subject: [SEC] [SA44084] vBulletin Search UI Unspecified SQL Injection Vulnerability Message-ID: <201104090446.p394kLIj005878@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: vBulletin Search UI Unspecified SQL Injection Vulnerability SECUNIA ADVISORY ID: SA44084 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44084/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44084 RELEASE DATE: 2011-04-09 DISCUSS ADVISORY: http://secunia.com/advisories/44084/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44084/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44084 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in vBulletin Publishing Suite and vBulletin Forum Classic, which can be exploited by malicious people to conduct SQL injection attacks. Certain unspecified input related to the search UI is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Please see the vendor's advisory for a full list of affected products. SOLUTION: Update to a fixed version. Please see vendor advisory for more details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.vbulletin.com/forum/showthread.php/376995-vBulletin-4.X-Security-Patch OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 8 22:11:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 9 Apr 2011 07:11:30 +0200 Subject: [SEC] [SA44061] e107 Cross-Site Request Forgery Vulnerability Message-ID: <201104090511.p395BUR0027180@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: e107 Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA44061 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44061/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44061 RELEASE DATE: 2011-04-09 DISCUSS ADVISORY: http://secunia.com/advisories/44061/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44061/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44061 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Autosec Tools has discovered a vulnerability in e107, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. ban users if a logged-in administrator visits a malicious web site. The vulnerability is confirmed in version 0.7.25. Other versions may also be affected. SOLUTION: Do not browse untrusted sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: http://www.autosectools.com/Advisories/e107.0.7.25_Cross-site.Request.Forgery_175.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 9 10:31:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 9 Apr 2011 19:31:33 +0200 Subject: [SEC] [SA43998] Apache HttpComponents HttpClient "Proxy-Authorization" Security Issue Message-ID: <201104091731.p39HVXvP015820@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Apache HttpComponents HttpClient "Proxy-Authorization" Security Issue SECUNIA ADVISORY ID: SA43998 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43998/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43998 RELEASE DATE: 2011-04-09 DISCUSS ADVISORY: http://secunia.com/advisories/43998/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43998/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43998 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Apache HttpComponents HttpClient, which can be exploited by malicious people to disclose potentially sensitive information. The security issue is caused due to HttpClient incorrectly sending the "Proxy-Authorization" header intended for a tunneling proxy to the final target host, which can be exploited to gain access to the authorisation credentials. The security issue is reported in versions prior to 4.1.1. SOLUTION: Update to version 4.1.1. PROVIDED AND/OR DISCOVERED BY: Reported in a bug report by Dusan Onofer. ORIGINAL ADVISORY: http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt https://issues.apache.org/jira/browse/HTTPCLIENT-1061 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 9 11:31:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 9 Apr 2011 20:31:20 +0200 Subject: [SEC] [SA44055] TYPO3 WEC Discussion Forum Extension Multiple SQL Injection Vulnerabilities Message-ID: <201104091831.p39IVKHl006281@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: TYPO3 WEC Discussion Forum Extension Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA44055 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44055/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44055 RELEASE DATE: 2011-04-09 DISCUSS ADVISORY: http://secunia.com/advisories/44055/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44055/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44055 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in the WEC Discussion Forum extension for TYPO3, which can be exploited by malicious people to conduct SQL injection attacks. Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in versions prior to 2.1.1. NOTE: The vulnerabilities are reportedly being actively exploited. SOLUTION: Update to version 2.1.1. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Matthias Hunstock. ORIGINAL ADVISORY: TYPO3-SA-2011-003: http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-003/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 9 12:31:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 9 Apr 2011 21:31:31 +0200 Subject: [SEC] [SA44081] Debian update for tmux Message-ID: <201104091931.p39JVVdp029136@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Debian update for tmux SECUNIA ADVISORY ID: SA44081 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44081/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44081 RELEASE DATE: 2011-04-09 DISCUSS ADVISORY: http://secunia.com/advisories/44081/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44081/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44081 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for tmux. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the application not dropping group privileges and can be exploited to perform certain actions using permissions of the "tmux" group. SOLUTION: Apply updated packages via the apt-get package manager. PROVIDED AND/OR DISCOVERED BY: Reported by Daniel Danner in a Debian bug report. ORIGINAL ADVISORY: DSA-2212-1: http://www.debian.org/security/2011/dsa-2212 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 9 13:31:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 9 Apr 2011 22:31:12 +0200 Subject: [SEC] [SA44074] SUSE update for python-feedparser Message-ID: <201104092031.p39KVCH6019574@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: SUSE update for python-feedparser SECUNIA ADVISORY ID: SA44074 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44074/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44074 RELEASE DATE: 2011-04-09 DISCUSS ADVISORY: http://secunia.com/advisories/44074/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44074/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44074 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for python-feedparser. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and conduct script insertion attacks. For more information: SA43730 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0314-1: https://hermes.opensuse.org/messages/7870598 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 9 14:25:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 9 Apr 2011 23:25:10 +0200 Subject: [SEC] [SA44083] HAProxy "manage_server_side_cookies()" Denial of Service Vulnerability Message-ID: <201104092125.p39LPAWG009777@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: HAProxy "manage_server_side_cookies()" Denial of Service Vulnerability SECUNIA ADVISORY ID: SA44083 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44083/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44083 RELEASE DATE: 2011-04-09 DISCUSS ADVISORY: http://secunia.com/advisories/44083/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44083/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44083 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HAProxy, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the "manage_server_side_cookies()" function in src/proto_http.c when processing certain cookies, which can be exploited to cause a crash via a HTTP response containing a specially crafted "Set-Cookie" header. Successful exploitation requires that cookie-based persistence is enabled. The vulnerability is reported in version 1.4.9 through 1.4.14. SOLUTION: Update to version 1.4.15. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://haproxy.1wt.eu/#news http://haproxy.1wt.eu/download/1.5/src/CHANGELOG OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 9 14:46:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 9 Apr 2011 23:46:49 +0200 Subject: [SEC] [SA44077] Viscacha Cross-Site Scripting and SQL Injection Vulnerabilities Message-ID: <201104092146.p39LkmoY030885@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Viscacha Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA44077 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44077/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44077 RELEASE DATE: 2011-04-09 DISCUSS ADVISORY: http://secunia.com/advisories/44077/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44077/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44077 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered some vulnerabilities in Viscacha, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks. 1) Input passed via the "file" parameter to admin.php (when "action" is set to "designs" and "job" is set to "templates_file_history"), the "dir" parameter to admin.php (when "action" is set to "designs" and "job" is set to "templates_file_revert", "templates_file_edit2", or "templates_file_delete"), and the "path" parameter to admin.php (when "action" is set to "explorer" and "job" is set to "newdir" or "chmod") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "digest" parameter to editprofile.php (when "action" is set to "abos2") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 0.8.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: High-Tech Bridge SA (HTB22919, HTB22921): http://www.htbridge.ch/advisory/multiple_xss_in_viscacha.html http://www.htbridge.ch/advisory/sql_injection_in_viscacha.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 11 10:32:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 11 Apr 2011 19:32:34 +0200 Subject: [SEC] [SA44043] IBM Tivoli Monitoring Unspecified Java Vulnerability Message-ID: <201104111732.p3BHWYK5006518@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: IBM Tivoli Monitoring Unspecified Java Vulnerability SECUNIA ADVISORY ID: SA44043 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44043/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44043 RELEASE DATE: 2011-04-11 DISCUSS ADVISORY: http://secunia.com/advisories/44043/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44043/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44043 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a vulnerability with unknown impact in IBM Tivoli Monitoring. The vulnerability exists in the bundled version of Java. The vulnerability is reported in versions prior to 6.2.2 Fix Pack 4. SOLUTION: Update to version 6.2.2 Fix Pack 4 (6.2.2-TIV-ITM-FP0004). ORIGINAL ADVISORY: IBM (IZ85351): http://www.ibm.com/support/docview.wss?uid=swg1IZ85351 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 11 11:31:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 11 Apr 2011 20:31:38 +0200 Subject: [SEC] [SA44079] Debian update for ikiwiki Message-ID: <201104111831.p3BIVcF4029340@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Debian update for ikiwiki SECUNIA ADVISORY ID: SA44079 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44079/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44079 RELEASE DATE: 2011-04-11 DISCUSS ADVISORY: http://secunia.com/advisories/44079/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44079/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44079 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for ikiwiki. This fixes a vulnerability, which can be exploited by malicious users to conduct script insertion attacks. For more information: SA44137 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2214-1: http://www.debian.org/security/2011/dsa-2214 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 11 12:33:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 11 Apr 2011 21:33:18 +0200 Subject: [SEC] [SA44006] Softbiz Classified Ads PLUS Script "cid" SQL Injection Vulnerability Message-ID: <201104111933.p3BJXIng019882@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Softbiz Classified Ads PLUS Script "cid" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA44006 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44006/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44006 RELEASE DATE: 2011-04-11 DISCUSS ADVISORY: http://secunia.com/advisories/44006/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44006/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44006 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Softbiz Classified Ads PLUS Script, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "cid" parameter to gallery.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Egyptian.H4x0rz OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 11 13:36:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 11 Apr 2011 22:36:24 +0200 Subject: [SEC] [SA44100] PHP-Jokesite "cat_id" SQL Injection Vulnerabilities Message-ID: <201104112036.p3BKaO9L010491@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: PHP-Jokesite "cat_id" SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA44100 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44100/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44100 RELEASE DATE: 2011-04-11 DISCUSS ADVISORY: http://secunia.com/advisories/44100/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44100/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44100 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in PHP-Jokesite, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "cat_id" parameter to new_jokes.php, top_ten_jokes.php, and top_emailed_jokes.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in version 2.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: kurd-team OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 11 14:35:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 11 Apr 2011 23:35:58 +0200 Subject: [SEC] [SA44089] Debian update for dhcp3 Message-ID: <201104112135.p3BLZwjq000876@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Debian update for dhcp3 SECUNIA ADVISORY ID: SA44089 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44089/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44089 RELEASE DATE: 2011-04-11 DISCUSS ADVISORY: http://secunia.com/advisories/44089/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44089/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44089 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for dhcp3. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA44037 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2217-1: http://www.debian.org/security/2011/dsa-2217 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 11 15:16:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Apr 2011 00:16:32 +0200 Subject: [SEC] [SA44137] ikiwiki "meta stylesheet" Script Insertion Vulnerability Message-ID: <201104112216.p3BMGWRd022931@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: ikiwiki "meta stylesheet" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA44137 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44137/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44137 RELEASE DATE: 2011-04-11 DISCUSS ADVISORY: http://secunia.com/advisories/44137/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44137/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44137 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in ikiwiki, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "meta stylesheet" directive is not properly sanitised before being used as an alternate stylesheet. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires permissions to upload stylesheets. The vulnerability is reported in versions prior to 3.20110328. SOLUTION: Update to version 3.20110328. PROVIDED AND/OR DISCOVERED BY: The vendor credits Giuseppe Bilotta. ORIGINAL ADVISORY: http://ikiwiki.info/security/#index39h2 http://git.ikiwiki.info/?p=ikiwiki;a=commitdiff;h=be02a80b7a19f3c33a8ea42c0750d94e0a91206f OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 11 15:45:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Apr 2011 00:45:17 +0200 Subject: [SEC] [SA44033] IT Dashboard "value" Cross-Site Scripting Vulnerability Message-ID: <201104112245.p3BMjHhO012010@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: IT Dashboard "value" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA44033 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44033/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44033 RELEASE DATE: 2011-04-12 DISCUSS ADVISORY: http://secunia.com/advisories/44033/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44033/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44033 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ivan Markovic has discovered a vulnerability in IT Dashboard, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "value" POST parameter in /sites/all/modules/contrib/datatables/dataTables/m edia/examples_support/editable_ajax.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.0. Other versions may also be affected. SOLUTION: Fixed in the SVN repository. PROVIDED AND/OR DISCOVERED BY: Ivan Markovic, Network Security Solutions via Secunia. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 11 16:11:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Apr 2011 01:11:03 +0200 Subject: [SEC] [SA44093] SUSE update for libcgroup Message-ID: <201104112311.p3BNB3Wg000886@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: SUSE update for libcgroup SECUNIA ADVISORY ID: SA44093 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44093/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44093 RELEASE DATE: 2011-04-12 DISCUSS ADVISORY: http://secunia.com/advisories/44093/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44093/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44093 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for libcgroup. This fixes a weakness and a vulnerability, which can be exploited by malicious, local users to bypass certain security restrictions and gain escalated privileges. The vulnerability is caused due to a boundary error in the "parse_cgroup_spec()" function (src/tools/tools-common.c) and can be exploited to cause a heap-based buffer overflow via a specially crafted list of controllers. NOTE: Additionally, a weakness exists in the cgrulesengd daemon when handling NETLINK messages and can be exploited to put processes into an existing control group allowing those tasks to run with more resources (e.g. memory or CPU). SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0315-1: https://hermes.opensuse.org/messages/7872252 openSUSE-SU-2011:0316-1: https://hermes.opensuse.org/messages/7872270 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 11 16:45:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Apr 2011 01:45:42 +0200 Subject: [SEC] [SA44059] Pithos "pithos.ini" Credentials Information Disclosure Security Issue Message-ID: <201104112345.p3BNjgUS022684@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Pithos "pithos.ini" Credentials Information Disclosure Security Issue SECUNIA ADVISORY ID: SA44059 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44059/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44059 RELEASE DATE: 2011-04-12 DISCUSS ADVISORY: http://secunia.com/advisories/44059/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44059/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44059 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Pithos, which can be exploited by malicious, local users to disclose sensitive information. The security issue is caused due to the application not properly restricting read access to the configuration file "~/.config/pithos.ini", which stores credentials for the Pandora.com website in clear text. The security issue is reported in version 0.3.7. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Reported in a bug report by Ian Daniher. ORIGINAL ADVISORY: https://bugs.launchpad.net/pithos/+bug/733307 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 11 17:13:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Apr 2011 02:13:55 +0200 Subject: [SEC] [SA44105] IntegraXor SQL Database Insecure Permissions Security Issue Message-ID: <201104120013.p3C0DtJK011745@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: IntegraXor SQL Database Insecure Permissions Security Issue SECUNIA ADVISORY ID: SA44105 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44105/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44105 RELEASE DATE: 2011-04-12 DISCUSS ADVISORY: http://secunia.com/advisories/44105/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44105/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44105 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in IntegraXor, which can be exploited by malicious people to disclose potentially sensitive information and manipulate certain data. The security issue is caused due to insecure database permissions, which allow unauthenticated read and write access. This can be exploited to execute arbitrary SQL statements via HTTP POST requests. The security issue is reported in versions prior to 3.6.4000.5. SOLUTION: Update to version 3.6.4000.5. PROVIDED AND/OR DISCOVERED BY: The vendor credits Dan Rosenberg, Virtual Security Research (VSR). ORIGINAL ADVISORY: IntegraXor: http://www.integraxor.com/blog/security-issue-20101222-0700-vulnerability-note OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 11 17:45:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Apr 2011 02:45:35 +0200 Subject: [SEC] [SA44082] Debian update for x11-xserver-utils Message-ID: <201104120045.p3C0jZGT000886@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Debian update for x11-xserver-utils SECUNIA ADVISORY ID: SA44082 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44082/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44082 RELEASE DATE: 2011-04-12 DISCUSS ADVISORY: http://secunia.com/advisories/44082/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44082/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44082 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for x11-xserver-utils. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a vulnerable system. For more information: SA44040 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2213-1: http://www.debian.org/security/2011/dsa-2213 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 11 18:10:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Apr 2011 03:10:45 +0200 Subject: [SEC] [SA44004] Softbiz B2B Trading Marketplace Script "cid" SQL Injection Vulnerability Message-ID: <201104120110.p3C1AjVG022254@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Softbiz B2B Trading Marketplace Script "cid" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA44004 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44004/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44004 RELEASE DATE: 2011-04-12 DISCUSS ADVISORY: http://secunia.com/advisories/44004/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44004/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44004 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Softbiz B2B Trading Marketplace Script, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "cid" parameter to cat_sell.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Egyptian.H4x0rz OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 11 18:45:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Apr 2011 03:45:58 +0200 Subject: [SEC] [SA44127] Red Hat update for dhcp Message-ID: <201104120145.p3C1jwh9011625@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Red Hat update for dhcp SECUNIA ADVISORY ID: SA44127 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44127/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44127 RELEASE DATE: 2011-04-12 DISCUSS ADVISORY: http://secunia.com/advisories/44127/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44127/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44127 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for dhcp. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA44037 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0428-1: http://rhn.redhat.com/errata/RHSA-2011-0428.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 11 19:20:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Apr 2011 04:20:18 +0200 Subject: [SEC] [SA44120] Novell ZENworks Configuration Management Unspecified Code Execution Message-ID: <201104120220.p3C2KIbo001388@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Novell ZENworks Configuration Management Unspecified Code Execution SECUNIA ADVISORY ID: SA44120 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44120/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44120 RELEASE DATE: 2011-04-12 DISCUSS ADVISORY: http://secunia.com/advisories/44120/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44120/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44120 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Novell ZENworks Configuration Management, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error when handling certain ZENworks Asset Management (ZAM) file operations and can be exploited to potentially execute arbitrary code by an inventory service. The vulnerability is reported in versions prior to 10.3.2. SOLUTION: Update to version 10.3.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits AbdulAziz Hariri, ThirdEyeTesters via ZDI. ORIGINAL ADVISORY: Novell: http://www.novell.com/support/viewContent.do?externalId=7007841 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 11 19:47:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Apr 2011 04:47:10 +0200 Subject: [SEC] [SA44091] Linux Kernel "inotify_init1()" Denial of Service Vulnerability Message-ID: <201104120247.p3C2lALm022816@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Linux Kernel "inotify_init1()" Denial of Service Vulnerability SECUNIA ADVISORY ID: SA44091 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44091/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44091 RELEASE DATE: 2011-04-12 DISCUSS ADVISORY: http://secunia.com/advisories/44091/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44091/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44091 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to a double-free error within the implementation of the "inotify_init1()" system call, which can be exploited to e.g. cause a kernel crash. This is related to: SA42365 SOLUTION: Fixed in version 2.6.39-rc2. PROVIDED AND/OR DISCOVERED BY: Disclosed in a GIT commit. ORIGINAL ADVISORY: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=d0de4dc584ec6aa3b26fffea320a8457827768fc OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 11 20:14:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Apr 2011 05:14:42 +0200 Subject: [SEC] [SA44022] VLC Media Player "MP4_ReadBox_skcr()" Buffer Overflow Vulnerability Message-ID: <201104120314.p3C3EgSV011840@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: VLC Media Player "MP4_ReadBox_skcr()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA44022 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44022/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44022 RELEASE DATE: 2011-04-12 DISCUSS ADVISORY: http://secunia.com/advisories/44022/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44022/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44022 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in VLC Media Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error within the "MP4_ReadBox_skcr()" function in modules/demux/mp4/libmp4.c and can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted MP4 file. The vulnerability is reported in version 1.1.8. Other versions may also be affected. SOLUTION: Fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Aliz Hammond. ORIGINAL ADVISORY: VideoLAN-SA-1103: http://www.videolan.org/security/sa1103.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 11 20:50:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Apr 2011 05:50:29 +0200 Subject: [SEC] [SA44135] Fedora update for libtiff Message-ID: <201104120350.p3C3oTJp001167@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Fedora update for libtiff SECUNIA ADVISORY ID: SA44135 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44135/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44135 RELEASE DATE: 2011-04-12 DISCUSS ADVISORY: http://secunia.com/advisories/44135/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44135/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44135 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for libtiff. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library. For more information: SA43593 SOLUTION: Apply updated packages via the yum utility ("yum update libtiff"). ORIGINAL ADVISORY: FEDORA-2011-3836: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 11 21:16:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Apr 2011 06:16:23 +0200 Subject: [SEC] [SA44087] Yamaha RT Series Routers IP Header Parsing Denial of Service Vulnerability Message-ID: <201104120416.p3C4GNWY022563@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Yamaha RT Series Routers IP Header Parsing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA44087 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44087/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44087 RELEASE DATE: 2011-04-12 DISCUSS ADVISORY: http://secunia.com/advisories/44087/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44087/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44087 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Yamaha RT Series Routers, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when parsing certain IP header options and can be exploited to cause a device to reboot via a specially crafted packet. Please see the vendor's advisory for the list of affected products and versions. SOLUTION: Update to a fixed firmware version if available or restrict access to trusted hosts only. Please see the vendor's advisory for more details. PROVIDED AND/OR DISCOVERED BY: Yuji Ukai, Fourteenforty Research Institute via JVN. ORIGINAL ADVISORY: Yamaha: http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN55714408.html JVN: http://jvn.jp/en/jp/JVN55714408/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 11 21:50:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Apr 2011 06:50:03 +0200 Subject: [SEC] [SA44090] Debian update for isc-dhcp Message-ID: <201104120450.p3C4o3p6011864@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Debian update for isc-dhcp SECUNIA ADVISORY ID: SA44090 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44090/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44090 RELEASE DATE: 2011-04-12 DISCUSS ADVISORY: http://secunia.com/advisories/44090/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44090/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44090 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for dhcp. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA44037 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2216-1: http://www.debian.org/security/2011/dsa-2216 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 11 22:13:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Apr 2011 07:13:20 +0200 Subject: [SEC] [SA44109] Etki Video PRO Two SQL Injection Vulnerabilities Message-ID: <201104120513.p3C5DKSK000623@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Etki Video PRO Two SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA44109 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44109/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44109 RELEASE DATE: 2011-04-12 DISCUSS ADVISORY: http://secunia.com/advisories/44109/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44109/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44109 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Etki Video PRO, which can be exploited by malicious people to conduct SQL injection attacks. 1) Input passed via the "id" parameter to izle.asp is not properly sanitised in inc/izle.asp before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed via the "cat" parameter to kategori.asp is not properly sanitised in inc/kategori.asp before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in version 2.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: kurd-team OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 12 10:30:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Apr 2011 19:30:50 +0200 Subject: [SEC] [SA44114] Elxis CMS eForum Component File Upload Vulnerability Message-ID: <201104121730.p3CHUoSF021622@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Elxis CMS eForum Component File Upload Vulnerability SECUNIA ADVISORY ID: SA44114 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44114/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44114 RELEASE DATE: 2011-04-12 DISCUSS ADVISORY: http://secunia.com/advisories/44114/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44114/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44114 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: QSecure has discovered a vulnerability in the eForum component for Elxis CMS, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to the components/com_eforum/eforum.php script not properly verifying uploaded file types. This can be exploited to upload a PHTML file and execute arbitrary PHP code. The vulnerability is confirmed in version 1.1 released prior to 7th of April 2011. Prior versions may also be affected. SOLUTION: Update to version 1.1 released after 7th of April 2011. PROVIDED AND/OR DISCOVERED BY: QSecure ORIGINAL ADVISORY: Elxis CMS: http://forum.elxis.org/index.php?topic=5144.msg39714#msg39714 QSecure: http://www.qsecure.com.cy/advisories/arbitary_file_upload_in_elxis_cms_eforum.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 12 11:30:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Apr 2011 20:30:51 +0200 Subject: [SEC] [SA44103] Ubuntu update for dhcp3 Message-ID: <201104121830.p3CIUpbD012099@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Ubuntu update for dhcp3 SECUNIA ADVISORY ID: SA44103 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44103/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44103 RELEASE DATE: 2011-04-12 DISCUSS ADVISORY: http://secunia.com/advisories/44103/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44103/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44103 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for dhcp3. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA44037 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1108-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-April/001302.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 12 12:31:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Apr 2011 21:31:14 +0200 Subject: [SEC] [SA41387] Microsoft Windows Wordpad Word 97 Converter Vulnerabilities Message-ID: <201104121931.p3CJVEWO002552@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Wordpad Word 97 Converter Vulnerabilities SECUNIA ADVISORY ID: SA41387 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41387/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41387 RELEASE DATE: 2011-04-12 DISCUSS ADVISORY: http://secunia.com/advisories/41387/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41387/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41387 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered two vulnerabilities in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to array-indexing errors in the Word 97 converter (mswrd8.wpc / mswrd864.wpc) when parsing cell ranges supplied in sprmTTextFlow and sprmTSplit PRLs. This can be exploited to corrupt memory outside the bounds of an allocated array by tricking a user into opening a specially crafted Word 97 document using WordPad. Successful exploitation may allow execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Carsten Eiram, Secunia Research. ORIGINAL ADVISORY: MS11-033 (KB2485663): http://www.microsoft.com/technet/security/Bulletin/MS11-033.mspx Secunia Research: http://secunia.com/secunia_research/2011-33/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 12 13:32:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Apr 2011 22:32:02 +0200 Subject: [SEC] [SA44155] Microsoft Windows/Office GDI+ Integer Overflow Vulnerability Message-ID: <201104122032.p3CKW2rG025500@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Microsoft Windows/Office GDI+ Integer Overflow Vulnerability SECUNIA ADVISORY ID: SA44155 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44155/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44155 RELEASE DATE: 2011-04-12 DISCUSS ADVISORY: http://secunia.com/advisories/44155/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44155/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44155 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows and Microsoft Office, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error within gdiplus.dll when handing EMF files and can be exploited to corrupt memory via a specially crafted EMF file. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Nicolas Joly and Chaouki Bekrar, Vupen. ORIGINAL ADVISORY: MS11-029 (KB2489979, KB2412687, KB2509461): http://www.microsoft.com/technet/security/bulletin/MS11-029.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 12 14:24:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Apr 2011 23:24:31 +0200 Subject: [SEC] [SA44161] Microsoft Windows DNS LLMNR Query Processing Vulnerability Message-ID: <201104122124.p3CLOViX015635@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Microsoft Windows DNS LLMNR Query Processing Vulnerability SECUNIA ADVISORY ID: SA44161 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44161/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44161 RELEASE DATE: 2011-04-12 DISCUSS ADVISORY: http://secunia.com/advisories/44161/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44161/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44161 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the DNS client service (DNSAPI.dll) when processing Link Local Multicast Name Resolution (LLMNR) broadcast queries. This can be exploited to execute arbitrary code in the context of the NetworkService account. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Neel Mehta, Google Inc. ORIGINAL ADVISORY: MS11-030 (KB2509553): http://www.microsoft.com/technet/security/bulletin/ms11-030.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 12 14:45:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Apr 2011 23:45:42 +0200 Subject: [SEC] [SA44015] Microsoft Office Two Vulnerabilities Message-ID: <201104122145.p3CLjg0u004339@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Microsoft Office Two Vulnerabilities SECUNIA ADVISORY ID: SA44015 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44015/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44015 RELEASE DATE: 2011-04-12 DISCUSS ADVISORY: http://secunia.com/advisories/44015/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44015/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44015 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system. 1) Office applications load certain libraries in an insecure manner, which can be exploited to load arbitrary libraries by tricking a user into e.g. opening a Word document located on a remote WebDAV or SMB share. 2) An error when handling dereferencing data structures during parsing of graphic objects in Office files can be exploited via e.g. a specially crafted Excel file. Successful exploitation of the vulnerabilities allows execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 2) The vendor credits an anonymous person via ZDI. ORIGINAL ADVISORY: MS11-023 (KB2509461, KB2509503, KB2509488, KB2505924, KB2505927, KB2505935): http://www.microsoft.com/technet/security/Bulletin/MS11-023.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 12 15:10:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Apr 2011 00:10:37 +0200 Subject: [SEC] [SA44156] Microsoft Windows win32k.sys Driver Privilege Escalation Vulnerabilities Message-ID: <201104122210.p3CMAbCm025646@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Microsoft Windows win32k.sys Driver Privilege Escalation Vulnerabilities SECUNIA ADVISORY ID: SA44156 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44156/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44156 RELEASE DATE: 2011-04-12 DISCUSS ADVISORY: http://secunia.com/advisories/44156/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44156/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44156 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges. 1) Multiple use-after-free errors within the Win32k kernel-mode driver (win32k.sys) when handling kernel-mode driver objects can be exploited to execute arbitrary code in kernel-mode. 2) Multiple NULL pointer dereference errors within the Win32k kernel-mode driver (win32k.sys) when handling pointers to kernel-mode driver objects can be exploited to execute arbitrary code in kernel-mode. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Tarjei Mandt, Norman. ORIGINAL ADVISORY: MS11-034 (KB2506223): http://www.microsoft.com/technet/security/bulletin/MS11-034.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 12 15:24:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Apr 2011 00:24:59 +0200 Subject: [SEC] [SA44123] Red Hat update for xorg-x11-server-utils Message-ID: <201104122224.p3CMOxgD014080@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Red Hat update for xorg-x11-server-utils SECUNIA ADVISORY ID: SA44123 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44123/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44123 RELEASE DATE: 2011-04-13 DISCUSS ADVISORY: http://secunia.com/advisories/44123/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44123/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44123 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for xorg-x11-server-utils. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a vulnerable system. For more information: SA44040 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0433-1: https://rhn.redhat.com/errata/RHSA-2011-0433.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 12 15:46:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Apr 2011 00:46:01 +0200 Subject: [SEC] [SA44072] Microsoft Windows SMB Transaction Parsing Vulnerability Message-ID: <201104122246.p3CMk1ta002758@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Microsoft Windows SMB Transaction Parsing Vulnerability SECUNIA ADVISORY ID: SA44072 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44072/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44072 RELEASE DATE: 2011-04-13 DISCUSS ADVISORY: http://secunia.com/advisories/44072/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44072/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44072 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error when parsing certain fields in SMB packets and can be exploited via a specially crafted SMB packet sent to a vulnerable system running the Server service. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MS11-020 (KB2508429): http://www.microsoft.com/technet/security/Bulletin/MS11-020.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 12 16:11:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Apr 2011 01:11:07 +0200 Subject: [SEC] [SA44145] Fedora update for libvirt Message-ID: <201104122311.p3CNB7DB024098@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Fedora update for libvirt SECUNIA ADVISORY ID: SA44145 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44145/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44145 RELEASE DATE: 2011-04-13 DISCUSS ADVISORY: http://secunia.com/advisories/44145/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44145/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44145 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for libvirt. This fixes a security issue and a vulnerability, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service). For more information: SA43670 SOLUTION: Apply updated packages via the yum utility ("yum update libvirt"). ORIGINAL ADVISORY: FEDORA-2011-4896: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057846.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 12 16:46:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Apr 2011 01:46:19 +0200 Subject: [SEC] [SA44096] HP-UX NFS/ONCplus Denial of Service Vulnerability Message-ID: <201104122346.p3CNkJQg013462@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: HP-UX NFS/ONCplus Denial of Service Vulnerability SECUNIA ADVISORY ID: SA44096 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44096/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44096 RELEASE DATE: 2011-04-13 DISCUSS ADVISORY: http://secunia.com/advisories/44096/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44096/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44096 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP-UX, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error. No further information is currently available. The vulnerability is reported in HP-UX B.11.31 running NFS/ONCplus versions B.11.31.10 and prior. SOLUTION: Install ONCplus_B.11.31.11.depot or later. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBUX02653 SSRT100310: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02777287 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 12 17:14:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Apr 2011 02:14:22 +0200 Subject: [SEC] [SA44122] Red Hat update for xorg-x11 Message-ID: <201104130014.p3D0EMOI002457@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Red Hat update for xorg-x11 SECUNIA ADVISORY ID: SA44122 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44122/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44122 RELEASE DATE: 2011-04-13 DISCUSS ADVISORY: http://secunia.com/advisories/44122/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44122/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44122 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for xorg-x11. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a vulnerable system. For more information: SA44040 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0432-1: http://rhn.redhat.com/errata/RHSA-2011-0432.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 12 17:45:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Apr 2011 02:45:48 +0200 Subject: [SEC] [SA44094] Linux Kernel "mremap()" Denial of Service Vulnerability Message-ID: <201104130045.p3D0jmid024090@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Linux Kernel "mremap()" Denial of Service Vulnerability SECUNIA ADVISORY ID: SA44094 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44094/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44094 RELEASE DATE: 2011-04-13 DISCUSS ADVISORY: http://secunia.com/advisories/44094/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44094/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44094 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the handling of expanding "mremap()" calls, which can be exploited to cause a "BUG_ON()". SOLUTION: Fixed in version 2.6.39-rc3. PROVIDED AND/OR DISCOVERED BY: Robert Swiecki ORIGINAL ADVISORY: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=982134ba62618c2d69fbbbd166d0a11ee3b7e3d8 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 12 18:10:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Apr 2011 03:10:44 +0200 Subject: [SEC] [SA43349] ISIS Papyrus AFP Viewer ActiveX Control Buffer Overflow Vulnerabilities Message-ID: <201104130110.p3D1AibS012985@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: ISIS Papyrus AFP Viewer ActiveX Control Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA43349 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43349/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43349 RELEASE DATE: 2011-04-13 DISCUSS ADVISORY: http://secunia.com/advisories/43349/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43349/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43349 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Parvez Anwar has discovered two vulnerabilities in ISIS Papyrus AFP Viewer, which can be exploited by malicious people to compromise a user's system. 1) A boundary error in the "npax" ActiveX control (activexpav31.dll) when processing the "FileReLoad()" method can be exploited to cause a stack-based buffer overflow via an overly long string (greater than 256 characters) passed to the method. 2) A boundary error in the "npax" ActiveX control (activexpav31.dll) when processing the "SelectRegion()" method can be exploited to cause a stack-based buffer overflow via an overly long string (greater than 256 characters) passed to the method. Successful exploitation of these vulnerabilities allows execution of arbitrary code. The vulnerabilities are confirmed in version 7.1.1.10150. Other versions may also be affected. SOLUTION: Update to version 7.02.0.11090. PROVIDED AND/OR DISCOVERED BY: Parvez Anwar via Secunia. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 12 18:45:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Apr 2011 03:45:48 +0200 Subject: [SEC] [SA44141] Google Chrome Flash Player Code Execution Vulnerability Message-ID: <201104130145.p3D1jmfw002294@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Google Chrome Flash Player Code Execution Vulnerability SECUNIA ADVISORY ID: SA44141 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44141/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44141 RELEASE DATE: 2011-04-13 DISCUSS ADVISORY: http://secunia.com/advisories/44141/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44141/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44141 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a vulnerability in the bundled version of Adobe Flash Player. For more information: SA44119 Successful exploitation allows execution of arbitrary code. SOLUTION: Do not visit untrusted websites. PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day in Adobe Flash Player. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 12 19:20:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Apr 2011 04:20:42 +0200 Subject: [SEC] [SA44160] Microsoft .NET Framework JIT Compiler Stack Corruption Vulnerability Message-ID: <201104130220.p3D2Kg9q024551@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Microsoft .NET Framework JIT Compiler Stack Corruption Vulnerability SECUNIA ADVISORY ID: SA44160 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44160/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44160 RELEASE DATE: 2011-04-13 DISCUSS ADVISORY: http://secunia.com/advisories/44160/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44160/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44160 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft .NET Framework, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the x86 JIT compiler when compiling certain function calls. This can be exploited to corrupt the stack via a specially crafted XAML Browser Application (XBAP). Successful exploitation allows execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MS11-028 (KB2446704, KB2446708, KB2446709, KB2446710, KB2449741, KB2449742): http://www.microsoft.com/technet/security/Bulletin/MS11-028.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 12 19:47:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Apr 2011 04:47:35 +0200 Subject: [SEC] [SA44149] Adobe Reader/Acrobat authplay.dll Code Execution Vulnerability Message-ID: <201104130247.p3D2lZX0013528@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Adobe Reader/Acrobat authplay.dll Code Execution Vulnerability SECUNIA ADVISORY ID: SA44149 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44149/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44149 RELEASE DATE: 2011-04-13 DISCUSS ADVISORY: http://secunia.com/advisories/44149/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44149/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44149 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Adobe Acrobat/Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a vulnerable bundled version of Flash Player (authplay.dll). For more information: SA44119 Successful exploitation allows execution of arbitrary code. The vulnerability is reported in version 10.0.2 and earlier 10.x and 9.x versions for Windows and Macintosh. SOLUTION: Do not open untrusted PDF files. PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day in Adobe Flash Player. ORIGINAL ADVISORY: http://www.adobe.com/support/security/advisories/apsa11-02.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 12 20:11:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Apr 2011 05:11:42 +0200 Subject: [SEC] [SA44119] Adobe Flash Player Unspecified Code Execution Vulnerability Message-ID: <201104130311.p3D3BgBC002345@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Adobe Flash Player Unspecified Code Execution Vulnerability SECUNIA ADVISORY ID: SA44119 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44119/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44119 RELEASE DATE: 2011-04-13 DISCUSS ADVISORY: http://secunia.com/advisories/44119/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44119/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44119 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error when parsing certain Flash content and allows execution of arbitrary code. The vulnerability is reported in the following versions: * Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux, and Solaris * Adobe Flash Player 10.2.154.25 and earlier for Chrome * Adobe Flash Player 10.2.156.12 and earlier for Android NOTE: The vulnerability is currently being actively exploited via Office Word documents (.doc) containing malicious Flash content. SOLUTION: Do not visit untrusted sites nor open untrusted files. PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day. ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/advisories/apsa11-02.html http://blogs.adobe.com/psirt/2011/04/security-advisory-for-adobe-flash-player-adobe-reader-and-acrobat-apsa11-02.html contagio: http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 12 20:46:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Apr 2011 05:46:27 +0200 Subject: [SEC] [SA44143] HP Photosmart Printers Multiple Vulnerabilities Message-ID: <201104130346.p3D3kR1Y024131@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: HP Photosmart Printers Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44143 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44143/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44143 RELEASE DATE: 2011-04-13 DISCUSS ADVISORY: http://secunia.com/advisories/44143/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44143/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44143 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in multiple HP Photosmart printers, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, and manipulate certain data. 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An unspecified error in the webscan component can be exploited to disclose certain information. 3) An unspecified error in the SNMP component can be exploited to disclose or manipulate certain data. Please see the vendor's advisory for a list of affected devices. SOLUTION: Apply a workaround (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: The vendor credits Aaron Sigel, vtty.com. ORIGINAL ADVISORY: HPSBPI02656 SSRT090262: https://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02267197 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 12 21:12:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Apr 2011 06:12:05 +0200 Subject: [SEC] [SA44113] PDF Extract TIFF File Processing Buffer Overflow Vulnerability Message-ID: <201104130412.p3D4C5JA013060@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: PDF Extract TIFF File Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA44113 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44113/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44113 RELEASE DATE: 2011-04-13 DISCUSS ADVISORY: http://secunia.com/advisories/44113/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44113/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44113 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: nSense has reported a vulnerability in PDF Extract TIFF, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to an error in pdf2tif.dll when parsing a PDF file and can be exploited to cause a buffer overflow. Successful exploitation may allow execution of arbitrary code. SOLUTION: Reportedly, a patch has been released. Contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: JODE, nSense Vulnerability Research. ORIGINAL ADVISORY: NSENSE-2010-006: http://www.nsense.fi/advisories/nsense_2010_006.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 12 21:49:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Apr 2011 06:49:15 +0200 Subject: [SEC] [SA44075] Debian update for gitolite Message-ID: <201104130449.p3D4nFAr002462@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Debian update for gitolite SECUNIA ADVISORY ID: SA44075 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44075/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44075 RELEASE DATE: 2011-04-13 DISCUSS ADVISORY: http://secunia.com/advisories/44075/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44075/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44075 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for gitolite. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions. For more information: SA43390 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2215-1: http://www.debian.org/security/2011/dsa-2215 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 12 22:11:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Apr 2011 07:11:07 +0200 Subject: [SEC] [SA44138] IBM Virtual I/O Server Java Double Literal Parsing Denial of Service Vulnerability Message-ID: <201104130511.p3D5B7qn023654@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: IBM Virtual I/O Server Java Double Literal Parsing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA44138 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44138/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44138 RELEASE DATE: 2011-04-13 DISCUSS ADVISORY: http://secunia.com/advisories/44138/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44138/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44138 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a vulnerability in Virtual I/O Server, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #1: SA43262 The vulnerability is reported in version 2.2. SOLUTION: Apply interim fix (please see the vendor's advisory for details). ORIGINAL ADVISORY: https://www.ibm.com/support/docview.wss?uid=isg400000547 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 13 10:32:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Apr 2011 19:32:00 +0200 Subject: [SEC] [SA44131] Red Hat update for avahi Message-ID: <201104131732.p3DHW0ww012365@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Red Hat update for avahi SECUNIA ADVISORY ID: SA44131 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44131/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44131 RELEASE DATE: 2011-04-13 DISCUSS ADVISORY: http://secunia.com/advisories/44131/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44131/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44131 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for avahi. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43361 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0436-01: https://rhn.redhat.com/errata/RHSA-2011-0436.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 13 11:31:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Apr 2011 20:31:52 +0200 Subject: [SEC] [SA44095] Barcode Reader Toolkit "pdf2tif.dll" File Processing Buffer Overflow Vulnerability Message-ID: <201104131831.p3DIVqTt002802@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Barcode Reader Toolkit "pdf2tif.dll" File Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA44095 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44095/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44095 RELEASE DATE: 2011-04-13 DISCUSS ADVISORY: http://secunia.com/advisories/44095/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44095/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44095 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: nSense has reported a vulnerability in Barcode Reader Toolkit, which can be exploited by malicious people to compromise an application using the library. The vulnerability exists in the bundled version of PDF Extract TIFF dynamic library module pdf2tif.dll. For more information: SA44113 The vulnerability is reported in version 7.4.1.3. Other versions may also be affected. SOLUTION: Update to version 7.4.1.5. PROVIDED AND/OR DISCOVERED BY: JODE, nSense Vulnerability Research. ORIGINAL ADVISORY: http://www.nsense.fi/advisories/nsense_2011_001.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 13 12:32:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Apr 2011 21:32:23 +0200 Subject: [SEC] [SA44158] SUSE update for rsyslog Message-ID: <201104131932.p3DJWNBv025726@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: SUSE update for rsyslog SECUNIA ADVISORY ID: SA44158 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44158/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44158 RELEASE DATE: 2011-04-13 DISCUSS ADVISORY: http://secunia.com/advisories/44158/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44158/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44158 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for rsyslog. This fixes some weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA44053 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0326-1: https://hermes.opensuse.org/messages/7977734 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 13 13:31:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Apr 2011 22:31:47 +0200 Subject: [SEC] [SA44136] Red Hat update for kernel Message-ID: <201104132031.p3DKVldi016175@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Red Hat update for kernel SECUNIA ADVISORY ID: SA44136 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44136/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44136 RELEASE DATE: 2011-04-13 DISCUSS ADVISORY: http://secunia.com/advisories/44136/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44136/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44136 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for the kernel. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially gain escalated privileges. For more information: SA42570 SA43009 SA43594 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0429-01: https://rhn.redhat.com/errata/RHSA-2011-0429.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 13 14:25:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Apr 2011 23:25:28 +0200 Subject: [SEC] [SA43890] Debian update for vlc Message-ID: <201104132125.p3DLPSW1006379@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Debian update for vlc SECUNIA ADVISORY ID: SA43890 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43890/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43890 RELEASE DATE: 2011-04-13 DISCUSS ADVISORY: http://secunia.com/advisories/43890/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43890/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43890 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for vlc. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system. For more information: SA44022 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2218-1: http://www.debian.org/security/2011/dsa-2218 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 13 14:46:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Apr 2011 23:46:52 +0200 Subject: [SEC] [SA44183] BlackBerry Enterprise Server Multiple Vulnerabilities Message-ID: <201104132146.p3DLkq79027508@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: BlackBerry Enterprise Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44183 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44183/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44183 RELEASE DATE: 2011-04-13 DISCUSS ADVISORY: http://secunia.com/advisories/44183/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44183/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44183 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in BlackBerry Enterprise Server, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, manipulate certain data, and cause a DoS (Denial of Service). 1) Certain unspecified input is not properly sanitised in the BlackBerry Web Desktop Manager before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Some vulnerabilities exist in the bundled Apache Tomcat server. For more information: SA44166 Please see the vendor's advisories for a list of affected products. SOLUTION: Apply the Interim Security Software Update (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Ivan Huertas, Cybsec. 2) Reported by the vendor. ORIGINAL ADVISORY: http://www.blackberry.com/btsc/KB25966 http://www.blackberry.com/btsc/KB26296 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 13 15:12:13 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Apr 2011 00:12:13 +0200 Subject: [SEC] [SA44099] Xceed Zip Compression Library Buffer Overflow Vulnerability Message-ID: <201104132212.p3DMCDu5016427@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Xceed Zip Compression Library Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA44099 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44099/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44099 RELEASE DATE: 2011-04-13 DISCUSS ADVISORY: http://secunia.com/advisories/44099/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44099/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44099 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Xceed Zip Compression Library, which can be exploited by malicious people to potentially compromise an application using the library. The vulnerability is caused due to a boundary error when processing certain ZIP archives. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted ZIP archive in an application using the library. The vulnerability is confirmed in version 6.1.7557.0 (DLL). Other versions may also be affected. SOLUTION: Update to version 6.5.10316.0. PROVIDED AND/OR DISCOVERED BY: Originally reported in Vallen Zipper by C4SS!0 G0M3S. ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/17145/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 13 15:47:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Apr 2011 00:47:30 +0200 Subject: [SEC] [SA44142] MediaWiki Multiple Vulnerabilities Message-ID: <201104132247.p3DMlUcR005786@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: MediaWiki Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44142 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44142/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44142 RELEASE DATE: 2011-04-14 DISCUSS ADVISORY: http://secunia.com/advisories/44142/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44142/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44142 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in MediaWiki, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions. 1) The application does not properly prevent certain browsers (e.g. Internet Explorer 6) from guessing the content type based on the ending of the query URL, which can be exploited to inject and execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Certain input passed via CSS comments is not properly sanitised by the wikitext parser before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 3) The transwiki import feature does not properly restrict access on form submissions, which can be exploited to perform e.g. unauthorised, remote imports from certain sources. This vulnerability requires the transwiki import feature to be enabled (disabled by default). The vulnerabilities are reported in versions prior to 1.16.3. SOLUTION: Update to version 1.16.3. The vendor suggests the use of URL rewrite features of web servers (e.g. "rewrite_mod" in Apache) to mitigate vulnerability #1. Please see the vendor's advisory for more details. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Masato Kinugawa. 2) The vendor credits Suffusion of Yellow. 3) Reported by the vendor. ORIGINAL ADVISORY: MediaWiki: http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 13 16:12:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Apr 2011 01:12:37 +0200 Subject: [SEC] [SA44052] FirstClass Client Link Input Sanitation and Insecure Library Loading Vulnerabilities Message-ID: <201104132312.p3DNCbvQ027112@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: FirstClass Client Link Input Sanitation and Insecure Library Loading Vulnerabilities SECUNIA ADVISORY ID: SA44052 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44052/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44052 RELEASE DATE: 2011-04-14 DISCUSS ADVISORY: http://secunia.com/advisories/44052/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44052/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44052 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in FirstClass Client, which can be exploited by malicious people to compromise a user's system. 1) An input sanitation error when processing "FCP://" URL links can be exploited to create an arbitrary file with attacker controlled content via a specially crafted link e.g. sent in an email message. Successful exploitation of this vulnerability allows execution of arbitrary code, but requires a user to click on a malicious link. 2) The application bundles a vulnerable version of the Pthreads-win32 library, which loads libraries (e.g. quserex.dll) in an insecure manner and can be exploited to load arbitrary libraries by tricking a user into e.g. opening a FC (".fc") file located on a remote WebDAV or SMB share. The vulnerabilities are confirmed in version 11.005. Other versions may also be affected. SOLUTION: Do not open links and files from untrusted users. PROVIDED AND/OR DISCOVERED BY: 1) Kyle Ossinger 2) Mister Teatime ORIGINAL ADVISORY: http://www.k0ss.net/post/4379731102/firstclass-0day-release-part-1 http://www.k0ss.net/post/4394800170/firstclass-0day-release-part-2-some-fun-tricks OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 13 16:46:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Apr 2011 01:46:40 +0200 Subject: [SEC] [SA44166] BlackBerry Enterprise Server Apache Tomcat Multiple Vulnerabilities Message-ID: <201104132346.p3DNkeJ7016406@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: BlackBerry Enterprise Server Apache Tomcat Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44166 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44166/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44166 RELEASE DATE: 2011-04-14 DISCUSS ADVISORY: http://secunia.com/advisories/44166/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44166/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44166 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Research In Motion has acknowledged multiple vulnerabilities in BlackBerry Enterprise Server, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, and cause a DoS (Denial of Service). The vulnerabilities exist in the bundled Apache Tomcat server, which is used by the BlackBerry Administration service. For more information: SA26466 SA28046 SA28878 SA35326 SA37291 SA39574 The vulnerabilities are reported in version 4.1.4 and higher. SOLUTION: Apply the Interim Security Software Update (please see the vendor's advisory for details). ORIGINAL ADVISORY: http://www.blackberry.com/btsc/KB25966 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 13 17:14:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Apr 2011 02:14:28 +0200 Subject: [SEC] [SA44118] WebJaxe Cross-Site Request Forgery Vulnerability Message-ID: <201104140014.p3E0ESsZ005429@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: WebJaxe Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA44118 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44118/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44118 RELEASE DATE: 2011-04-14 DISCUSS ADVISORY: http://secunia.com/advisories/44118/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44118/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44118 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in WebJaxe, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the administrator's password by tricking a logged in administrator into visiting a malicious web site. The vulnerability is confirmed in version 1.2. Other versions may also be affected. SOLUTION: Do not browse untrusted sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22927: http://www.htbridge.ch/advisory/csrf_cross_site_request_forgery_in_webjaxe.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 13 17:46:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Apr 2011 02:46:34 +0200 Subject: [SEC] [SA44147] SPIP Database Disconnect Denial of Service Vulnerability Message-ID: <201104140046.p3E0kYwY027069@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: SPIP Database Disconnect Denial of Service Vulnerability SECUNIA ADVISORY ID: SA44147 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44147/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44147 RELEASE DATE: 2011-04-14 DISCUSS ADVISORY: http://secunia.com/advisories/44147/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44147/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44147 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in SPIP, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error and can be exploited to disconnect the site from the database. Successful exploitation requires "editor" access. The vulnerability is reported in versions prior to 2.1.10. SOLUTION: Update to version 2.1.10. PROVIDED AND/OR DISCOVERED BY: The vendor credits Arnault. ORIGINAL ADVISORY: SPIP: http://www.spip-contrib.net/Mise-a-jour-de-securite-SPIP-2-1-10 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 13 18:11:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Apr 2011 03:11:39 +0200 Subject: [SEC] [SA44101] Wordtrainer Glosexpert File Parsing Buffer Overflow Vulnerabilities Message-ID: <201104140111.p3E1BdCO015979@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Wordtrainer Glosexpert File Parsing Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA44101 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44101/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44101 RELEASE DATE: 2011-04-14 DISCUSS ADVISORY: http://secunia.com/advisories/44101/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44101/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44101 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in Wordtrainer, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to boundary errors when parsing Glosexpert (*.ord) files, which can be exploited to cause stack-based buffer overflows by tricking a user into opening a specially crafted Glosexpert file. The vulnerabilities are confirmed in version 3.07 (Shareware). Other versions may also be affected. SOLUTION: Do not open untrusted Glosexpert files. PROVIDED AND/OR DISCOVERED BY: C4SS!0 G0M3S ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/17157/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 13 18:46:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Apr 2011 03:46:25 +0200 Subject: [SEC] [SA44130] Xataface Output Cache Session Hijacking Security Issue Message-ID: <201104140146.p3E1kPxL005308@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Xataface Output Cache Session Hijacking Security Issue SECUNIA ADVISORY ID: SA44130 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44130/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44130 RELEASE DATE: 2011-04-14 DISCUSS ADVISORY: http://secunia.com/advisories/44130/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44130/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44130 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Xataface, which can be exploited by malicious people to hijack another user's session. The security issue is caused due to an error within the output cache feature, which can be exploited to hijack another users session. Successful exploitation requires that the output cache feature is enabled (disabled by default). The security issue is reported in versions 1.0 through 1.3rc1. SOLUTION: Update to version Xataface 1.3rc2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 13 19:17:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Apr 2011 04:17:32 +0200 Subject: [SEC] [SA44180] Fedora update for dhcp Message-ID: <201104140217.p3E2HWdS027348@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Fedora update for dhcp SECUNIA ADVISORY ID: SA44180 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44180/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44180 RELEASE DATE: 2011-04-14 DISCUSS ADVISORY: http://secunia.com/advisories/44180/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44180/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44180 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for dhcp. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA44037 SOLUTION: Apply updated packages via the yum utility ("yum update dhcp"). ORIGINAL ADVISORY: FEDORA-2011-4897: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 13 19:46:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Apr 2011 04:46:41 +0200 Subject: [SEC] [SA44152] HP-UX update for BIND Message-ID: <201104140246.p3E2kf78016435@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: HP-UX update for BIND SECUNIA ADVISORY ID: SA44152 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44152/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44152 RELEASE DATE: 2011-04-14 DISCUSS ADVISORY: http://secunia.com/advisories/44152/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44152/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44152 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: HP has issued an update for BIND in HP-UX. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA42374 The vulnerability is reported in HP-UX B.11.31 running BIND versions prior to C.9.3.2.9.0 and HP-UX B.11.11 and B.11.23 running BIND versions prior to C.9.3.2.8.0. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: HPSBUX02655 SSRT100353: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02783438 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 13 20:11:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Apr 2011 05:11:24 +0200 Subject: [SEC] [SA44110] McAfee Firewall Reporter Web Interface Security Bypass Vulnerability Message-ID: <201104140311.p3E3BOer005311@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: McAfee Firewall Reporter Web Interface Security Bypass Vulnerability SECUNIA ADVISORY ID: SA44110 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44110/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44110 RELEASE DATE: 2011-04-14 DISCUSS ADVISORY: http://secunia.com/advisories/44110/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44110/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44110 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in McAfee Firewall Reporter, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the GernalUtilities.pm module when parsing the "cgisess" cookie value during the session validation process. This can be exploited to gain access to the web interface via directory traversal specifiers in the cookie's value, which points to a valid file on the system. The vulnerability is reported in version 5.1.0.6. SOLUTION: Update to version 5.1.0.13. PROVIDED AND/OR DISCOVERED BY: Andrea Micalizzi (rgod) via ZDI ORIGINAL ADVISORY: McAfee: https://kc.mcafee.com/corporate/index?page=content&id=SB10015 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-117/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 13 20:46:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Apr 2011 05:46:39 +0200 Subject: [SEC] [SA44065] KDE Konqueror Error Page Cross-Site Scripting Vulnerability Message-ID: <201104140346.p3E3kdWQ027093@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: KDE Konqueror Error Page Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA44065 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44065/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44065 RELEASE DATE: 2011-04-14 DISCUSS ADVISORY: http://secunia.com/advisories/44065/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44065/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44065 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Tim Brown has reported a vulnerability in KDE Konqueror, which can be exploited by malicious people to conduct cross-site scripting attacks. The vulnerability is caused due to the "KHTMLPart::htmlError()" function in khtml/khtml_part.cpp not properly sanitising the URL displayed via the error page. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an arbitrary site if the domain cannot be resolved. The vulnerability is reported in KDE SC versions 4.6.1 and prior. SOLUTION: Apply patches. See vendor's advisory for additional details. PROVIDED AND/OR DISCOVERED BY: Tim Brown, Nth Dimension. ORIGINAL ADVISORY: KDE: http://www.kde.org/info/security/advisory-20110411-1.txt Nth Dimension: http://www.nth-dimension.org.uk/pub/NDSA20110321.txt.asc OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 13 21:11:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Apr 2011 06:11:53 +0200 Subject: [SEC] [SA44106] SUSE update for libvirt Message-ID: <201104140411.p3E4BriX016003@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: SUSE update for libvirt SECUNIA ADVISORY ID: SA44106 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44106/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44106 RELEASE DATE: 2011-04-14 DISCUSS ADVISORY: http://secunia.com/advisories/44106/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44106/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44106 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for libvirt. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43670 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0317-1: https://hermes.opensuse.org/messages/7872290 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 13 21:46:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Apr 2011 06:46:27 +0200 Subject: [SEC] [SA44029] OTRS Cross-Site Scripting Vulnerabilities Message-ID: <201104140446.p3E4kRMK005323@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: OTRS Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA44029 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44029/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44029 RELEASE DATE: 2011-04-14 DISCUSS ADVISORY: http://secunia.com/advisories/44029/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44029/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44029 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in OTRS, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in versions prior to 2.4.10 and 3.0.7. SOLUTION: Update to version 2.4.10 or 3.0.7. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Szymon Sobczyk. ORIGINAL ADVISORY: OSA-2011-01: http://otrs.org/advisory/OSA-2011-01-en/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 13 22:11:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Apr 2011 07:11:48 +0200 Subject: [SEC] [SA44125] Kerberos kadmind Denial of Service Vulnerability Message-ID: <201104140511.p3E5Bm69026650@CRON-IX-2.intnet> ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Kerberos kadmind Denial of Service Vulnerability SECUNIA ADVISORY ID: SA44125 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44125/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44125 RELEASE DATE: 2011-04-14 DISCUSS ADVISORY: http://secunia.com/advisories/44125/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44125/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44125 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Kerberos, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in kadmind when processing certain packets. This can be exploited to cause the process to free an invalid memory pointer and crash the daemon via a packet sent to TCP port 749. The vulnerability is confirmed in version krb5-1.9. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only (e.g. via network access control lists). PROVIDED AND/OR DISCOVERED BY: Reported by Felipe Ortega in a Debian bug report. ORIGINAL ADVISORY: Felipe Ortega: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621726 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 14 10:34:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Apr 2011 19:34:09 +0200 Subject: [SEC] [SA44001] Sonexis ConferenceManager Script Insertion and SQL Injection Vulnerabilities Message-ID: <201104141734.p3EHY9Q4009673@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Sonexis ConferenceManager Script Insertion and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA44001 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44001/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44001 RELEASE DATE: 2011-04-14 DISCUSS ADVISORY: http://secunia.com/advisories/44001/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44001/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44001 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Sonexis ConferenceManager, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct SQL injection attacks. 1) Input passed via the "fname", "lname", "email_edit", "email", "email2", "email3", "sms", "sms_id", and "work" parameters to myAddressBook.asp is not properly sanitised before being display to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 2) Input passed via the "g" parameter to Conference/Audio/AudioResourceContainer.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 3) Input passed via the "txtConferenceID" parameter to Login/HostLogin.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in version 9.3.14.0. Other versions may also be affected. SOLUTION: The vulnerabilities will be fixed in an upcoming version. Please contact the vendor for more information. PROVIDED AND/OR DISCOVERED BY: 1, 2) Rob Kraus and Solutionary Engineering Research Team. 3) Independently reported by Rob Kraus and Solutionary Engineering Research Team and Kevin Finisterre, Netragard. ORIGINAL ADVISORY: Solutionary Engineering Research Team: http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-XSS-Vulnerabilities.html http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-SQL-Injection.htm Netragard: http://www.netragard.com/pdfs/research/NETRAGARD-20110910.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 14 11:34:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Apr 2011 20:34:06 +0200 Subject: [SEC] [SA44139] Orbeon Forms Multiple Vulnerabilities Message-ID: <201104141834.p3EIY6DU032545@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Orbeon Forms Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44139 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44139/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44139 RELEASE DATE: 2011-04-14 DISCUSS ADVISORY: http://secunia.com/advisories/44139/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44139/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44139 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Orbeon Forms, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information. 1) The application allows to include external XML entities by sending specially crafted XML data to orbeon/xforms-server, which can be exploited by a client to e.g. include server side resources or access and scan certain network resources. 2) The application includes a vulnerable copy of YUI, which can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. For more information: SA41955 SOLUTION: Fixed in version 3.9.0 Release Candidate 1. PROVIDED AND/OR DISCOVERED BY: 1) Daniel Grzelak and Rohan Stelling, stratsec 2) Reported by the vendor. ORIGINAL ADVISORY: Orbeon: http://wiki.orbeon.com/forms/doc/developer-guide/release-notes/39#TOC-Security stratsec: http://www.stratsec.net/Research/Advisories/Orbeon-Forms-XML-Entity-Dereferencing-%28SS-2011-004 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 14 12:31:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Apr 2011 21:31:36 +0200 Subject: [SEC] [SA44187] SAP NetWeaver Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201104141931.p3EJVaVa022906@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: SAP NetWeaver Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA44187 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44187/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44187 RELEASE DATE: 2011-04-14 DISCUSS ADVISORY: http://secunia.com/advisories/44187/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44187/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44187 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in SAP NetWeaver, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed to the "sort", "numPerPage", "page", "lastPage", "numPerpageb", "pageb", and "direction" parameters in MessagingSystem/monitor/monitor.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "proxyhost", "proxyport", "storagesystem", "storeid", "unixroot", and "winroot" parameters in cas_validate.jsp and "archivepath" parameter in pst_enter.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Apply fixes (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: 1) Alexandr Polyakov, Digital Security Research Group 2) Dmitriy Evdokimov, Digital Security Research Group ORIGINAL ADVISORY: SAP: https://service.sap.com/sap/support/notes/1443367 https://service.sap.com/sap/support/notes/1490335 Digital Security Research Group (DSECRG-11-015, DSECRG-11-016): http://dsecrg.com/pages/vul/show.php?id=315 http://dsecrg.com/pages/vul/show.php?id=316 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 14 13:31:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Apr 2011 22:31:32 +0200 Subject: [SEC] [SA44112] Ubuntu update for gimp Message-ID: <201104142031.p3EKVWKj013386@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Ubuntu update for gimp SECUNIA ADVISORY ID: SA44112 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44112/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44112 RELEASE DATE: 2011-04-14 DISCUSS ADVISORY: http://secunia.com/advisories/44112/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44112/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44112 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for gimp. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA42771 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1109-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-April/001303.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 14 14:25:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Apr 2011 23:25:24 +0200 Subject: [SEC] [SA44165] TinyBB "post" SQL Injection Vulnerability Message-ID: <201104142125.p3ELPORp003569@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: TinyBB "post" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA44165 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44165/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44165 RELEASE DATE: 2011-04-14 DISCUSS ADVISORY: http://secunia.com/advisories/44165/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44165/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44165 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in TinyBB, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "post" parameter to index.php (when "page" is set to "thread") is not properly sanitised in inc/viewthread.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerability is reported in version 1.4 released before April 11th 2011. SOLUTION: The vendor has released an updated version 1.4 on April 11th, 2011, which fixes the vulnerability. PROVIDED AND/OR DISCOVERED BY: swami OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 14 14:46:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Apr 2011 23:46:30 +0200 Subject: [SEC] [SA44133] Cacti "drp_action" Cross-Site Scripting Vulnerability Message-ID: <201104142146.p3ELkUV8024711@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Cacti "drp_action" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA44133 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44133/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44133 RELEASE DATE: 2011-04-14 DISCUSS ADVISORY: http://secunia.com/advisories/44133/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44133/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44133 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Cacti, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "drp_action" parameter to host.php (when "action" is set to "actions") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 0.8.7g. Other versions may also be affected. SOLUTION: Fixed in the SVN repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Vupen OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 14 15:11:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Apr 2011 00:11:39 +0200 Subject: [SEC] [SA44085] FiberHome HG-110 Router Cross-Site Scripting and File Disclosure Vulnerabilities Message-ID: <201104142211.p3EMBdIb013619@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: FiberHome HG-110 Router Cross-Site Scripting and File Disclosure Vulnerabilities SECUNIA ADVISORY ID: SA44085 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44085/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44085 RELEASE DATE: 2011-04-14 DISCUSS ADVISORY: http://secunia.com/advisories/44085/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44085/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44085 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Zerial has reported two vulnerabilities in FiberHome HG-110 Router, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information. 1) Input passed to the "getpage" parameter in cgi-bin/webproc (when "var:menu" is set to "advanced" and "var:page" is set to "dns") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "getpage" parameter in cgi-bin/webproc (when "var:menu" is set to "advanced" and "var:page" is set to "dns") is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks. The vulnerabilities are reported in firmware version 1.0.0 (software version HG110_BH_V1.6). Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences in a proxy. PROVIDED AND/OR DISCOVERED BY: Zerial ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2011-04/0126.html http://blog.zerial.org/seguridad/vulnerabilidad-en-todos-los-routers-fiberhome-hg-110-de-telefonicamovistar/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 14 15:46:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Apr 2011 00:46:40 +0200 Subject: [SEC] [SA44168] Fedora update for perl Message-ID: <201104142246.p3EMker8002958@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Fedora update for perl SECUNIA ADVISORY ID: SA44168 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44168/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44168 RELEASE DATE: 2011-04-15 DISCUSS ADVISORY: http://secunia.com/advisories/44168/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44168/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44168 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for perl. This fixes a weakness, which can be exploited by malicious people to bypass certain security features. For more information: SA43921 SOLUTION: Apply updated packages via the yum utility ("yum update perl"). ORIGINAL ADVISORY: FEDORA-2011-4610: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 14 16:12:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Apr 2011 01:12:06 +0200 Subject: [SEC] [SA43421] BoltWire "p" Cross-Site Scripting Vulnerability Message-ID: <201104142312.p3ENC6si024295@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: BoltWire "p" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43421 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43421/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43421 RELEASE DATE: 2011-04-15 DISCUSS ADVISORY: http://secunia.com/advisories/43421/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43421/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43421 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Russ McRee has discovered a vulnerability in BoltWire, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "p" parameter to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 3.4.15. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Russ McRee via Secunia. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 14 16:47:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Apr 2011 01:47:20 +0200 Subject: [SEC] [SA44078] PHP Album Multiple Vulnerabilities Message-ID: <201104142347.p3ENlKE2013661@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: PHP Album Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44078 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44078/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44078 RELEASE DATE: 2011-04-15 DISCUSS ADVISORY: http://secunia.com/advisories/44078/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44078/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44078 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered multiple vulnerabilities in PHP Album, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks and compromise a vulnerable system. 1) Input passed to the "var3" and "p_new_group_name" parameter in main.php (when "cmd" is set to "setup") is not properly sanitised in setup.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the administrator's password by tricking a logged in administrator into visiting a malicious web site. 3) Input passed via the "var3" parameter to main.php (when "cmd" is set to "setup") is not properly sanitised before being used in phpdatabase.php. This can be exploited to inject and execute arbitrary PHP code. The vulnerabilities are confirmed in version 0.4.1.14.fix06. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Do not browse untrusted sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22922: http://www.htbridge.ch/advisory/xss_vulnerabilities_in_phpalbum_net.html HTB22923: http://www.htbridge.ch/advisory/xsrf_csrf_in_phpalbum_net.html HTB22924: http://www.htbridge.ch/advisory/arbitrary_command_execution_in_phpalbum_net.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 14 17:14:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Apr 2011 02:14:56 +0200 Subject: [SEC] [SA44097] CA Total Defense Multiple Vulnerabilities Message-ID: <201104150014.p3F0EuLH002663@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: CA Total Defense Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44097 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44097/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44097 RELEASE DATE: 2011-04-15 DISCUSS ADVISORY: http://secunia.com/advisories/44097/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44097/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44097 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in CA Total Defense, which can be exploited by malicious people to disclose sensitive information, conduct SQL injection attacks, and compromise a vulnerable system. 1) An error in the "getDBConfigSettings()" method within the management.asmx module of the Management Web Service can be exploited to disclose a server's database credentials. 2) Input passed via SOAP requests to management.asmx is not properly sanitised before being used in a SQL query for the UnAssignFunctionRoles, UnAssignFunctionalUsers, UnassignAdminRoles, NonAssignedUserList, DeleteReportLayout, DeleteReports, RegenerateReport stored procedures. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 3) Input passed via SOAP requests to MainApplication.html is not properly sanitised before being used in a SQL query for the DeleteFilter stored procedure. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 4) Input passed via the "GUID" parameter to FileUploadHandler.ashx within the Heartbeat web service is not properly sanitised in CA.Itm.Server.ManagementWS.dll and can be exploited to upload controlled content to an arbitrary file using directory traversal attacks. The vulnerabilities are reported in version r12 within the following components: * TD Management Server Core version 12.0.0.621. * Unified Network Control (UNC) version 12.0.0.622. SOLUTION: Update to version r12 SE2. PROVIDED AND/OR DISCOVERED BY: Andrea Micalizzi (rgod) via ZDI. ORIGINAL ADVISORY: CA: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866} ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-126/ http://www.zerodayinitiative.com/advisories/ZDI-11-127/ http://www.zerodayinitiative.com/advisories/ZDI-11-128/ http://www.zerodayinitiative.com/advisories/ZDI-11-129/ http://www.zerodayinitiative.com/advisories/ZDI-11-130/ http://www.zerodayinitiative.com/advisories/ZDI-11-131/ http://www.zerodayinitiative.com/advisories/ZDI-11-132/ http://www.zerodayinitiative.com/advisories/ZDI-11-133/ http://www.zerodayinitiative.com/advisories/ZDI-11-134/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 14 17:46:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Apr 2011 02:46:30 +0200 Subject: [SEC] [SA44146] Fedora update for logrotate Message-ID: <201104150046.p3F0kUvS024277@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Fedora update for logrotate SECUNIA ADVISORY ID: SA44146 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44146/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44146 RELEASE DATE: 2011-04-15 DISCUSS ADVISORY: http://secunia.com/advisories/44146/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44146/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44146 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for logrotate. This fixes multiple security issues, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially gain escalated privileges. For more information: SA42559 SOLUTION: Apply updated packages via the yum utility ("yum update logrotate"). ORIGINAL ADVISORY: FEDORA-2011-3739: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 14 18:13:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Apr 2011 03:13:46 +0200 Subject: [SEC] [SA44102] PHP-Lance Multiple SQL Injection Vulnerabilities Message-ID: <201104150113.p3F1Dk07013296@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: PHP-Lance Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA44102 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44102/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44102 RELEASE DATE: 2011-04-15 DISCUSS ADVISORY: http://secunia.com/advisories/44102/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44102/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44102 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in PHP-Lance, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "language" parameter to index.php, buy_services.php, and sell_services.php, the "seller_id" parameter to feedback_display.php, the "buyer_id" parameter to feedback_display_b.php, the "id" parameter to project_details.php, and the "catid" parameter to categories.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in version 1.52. Other versions may also be affected. SOLUTION: Edit the source to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: kurdish hackers team ORIGINAL ADVISORY: http://kurdteam.org/exploit.php?id=46 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 14 18:46:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Apr 2011 03:46:34 +0200 Subject: [SEC] [SA44148] Fedora update for quagga Message-ID: <201104150146.p3F1kYbE002496@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Fedora update for quagga SECUNIA ADVISORY ID: SA44148 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44148/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44148 RELEASE DATE: 2011-04-15 DISCUSS ADVISORY: http://secunia.com/advisories/44148/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44148/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44148 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for quagga. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43770 SOLUTION: Apply updated packages via the yum utility ("yum update quagga"). ORIGINAL ADVISORY: FEDORA-2011-3916: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057831.html FEDORA-2011-3922: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057833.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 14 19:19:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Apr 2011 04:19:31 +0200 Subject: [SEC] [SA44150] Red Hat Network Satellite Server Two Vulnerabilities Message-ID: <201104150219.p3F2JVou024692@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Red Hat Network Satellite Server Two Vulnerabilities SECUNIA ADVISORY ID: SA44150 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44150/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44150 RELEASE DATE: 2011-04-15 DISCUSS ADVISORY: http://secunia.com/advisories/44150/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44150/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44150 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has acknowledged two vulnerabilities Red Hat Network Satellite Server, which can be exploited by malicious users to bypass certain security features and by malicious people to disclose potentially sensitive information. 1) An obsolete channel package group configuration XML-RPC API can be exploited to prevent clients from performing certain yum actions or to disclose files accessible by the RHN Satellite server process. Successful exploitation requires authentication. 2) An error when rewriting certain URLs can be exploited to gain access to certain information about the host system via specially crafted HTTP requests. Note: This may be further be exploited to perform "distributed Denial of Service" attacks. SOLUTION: Updated packages are available via Red Hat Network. Follow potentially required manual steps to fully resolve CVE-2009-0788 (see vendor's advisory for additional details). Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: RHSA-2011:0434-1: https://rhn.redhat.com/errata/RHSA-2011-0434.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 14 19:46:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Apr 2011 04:46:44 +0200 Subject: [SEC] [SA44117] Slackware update for libtiff Message-ID: <201104150246.p3F2kiQZ013688@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Slackware update for libtiff SECUNIA ADVISORY ID: SA44117 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44117/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44117 RELEASE DATE: 2011-04-15 DISCUSS ADVISORY: http://secunia.com/advisories/44117/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44117/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44117 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Slackware has issued an update for libtiff. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library. For more information: SA43593 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SSA:2011-098-01: http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 14 20:11:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Apr 2011 05:11:43 +0200 Subject: [SEC] [SA44162] Microsoft Windows JScript and VBScript Integer Overflow Vulnerability Message-ID: <201104150311.p3F3BhaG002563@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Microsoft Windows JScript and VBScript Integer Overflow Vulnerability SECUNIA ADVISORY ID: SA44162 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44162/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44162 RELEASE DATE: 2011-04-15 DISCUSS ADVISORY: http://secunia.com/advisories/44162/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44162/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44162 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error when the scripting engine reallocates memory while decoding a script. This can be exploited to corrupt memory via a specially crafted web page. Successful exploitation may allow execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MS11-031 (KB2510531, KB2510581, KB2510587): http://www.microsoft.com/technet/security/Bulletin/MS11-031.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 14 20:46:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Apr 2011 05:46:31 +0200 Subject: [SEC] [SA43836] Microsoft Windows OpenType Compact Font Format Driver Vulnerability Message-ID: <201104150346.p3F3kVsq024338@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Microsoft Windows OpenType Compact Font Format Driver Vulnerability SECUNIA ADVISORY ID: SA43836 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43836/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43836 RELEASE DATE: 2011-04-15 DISCUSS ADVISORY: http://secunia.com/advisories/43836/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43836/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43836 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a user's system. The vulnerability is caused due to an error in the OpenType Compact Font Format Driver when parsing OpenType fonts. This can be exploited by tricking a user into navigating to a network share containing a specially crafted font file in Windows Explorer (only Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2) or visit a specially crafted web page using a third-party browser that natively renders OpenType fonts. Successful exploitation may allow execution of arbirtary code in kernel mode. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Adam Twardoch, Fontlab. ORIGINAL ADVISORY: MS11-032 (KB2507618): http://www.microsoft.com/technet/security/Bulletin/MS11-032.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 14 21:12:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Apr 2011 06:12:12 +0200 Subject: [SEC] [SA39903] Microsoft PowerPoint Three Vulnerabilities Message-ID: <201104150412.p3F4CCwU013287@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Microsoft PowerPoint Three Vulnerabilities SECUNIA ADVISORY ID: SA39903 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39903/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39903 RELEASE DATE: 2011-04-15 DISCUSS ADVISORY: http://secunia.com/advisories/39903/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39903/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39903 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Three vulnerabilities have been reported in Microsoft Office PowerPoint, which can be exploited by malicious people to compromise a user's system. 1) An error when parsing TimeColorBehaviorContainer Floating Point records can be exploited to corrupt memory. 2) An error when parsing PersistDirectoryEntry records can be exploited to corrupt memory. 3) An error when parsing OfficeArt records can be exploited to corrupt memory. Successful exploitation of the vulnerabilities allows execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: An anonymous person via ZDI. ORIGINAL ADVISORY: MS11-022 (KB2464617, KB2464623, KB2464635, KB2464588, KB2464594, KB2489283, KB2505924, KB2505927, KB2505935, KB2519975, KB2519984, KB2520047, KB2525412): http://www.microsoft.com/technet/security/Bulletin/MS11-022.mspx ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-123/ http://www.zerodayinitiative.com/advisories/ZDI-11-124/ http://www.zerodayinitiative.com/advisories/ZDI-11-125/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 14 21:47:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Apr 2011 06:47:39 +0200 Subject: [SEC] [SA39122] Microsoft Excel Multiple Vulnerabilities Message-ID: <201104150447.p3F4ld17002613@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Microsoft Excel Multiple Vulnerabilities SECUNIA ADVISORY ID: SA39122 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39122/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39122 RELEASE DATE: 2011-04-15 DISCUSS ADVISORY: http://secunia.com/advisories/39122/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39122/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39122 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system. 1) An integer underflow error when parsing data included in a 400h substream can be exploited to cause a stack-based buffer overflow. 2) A signedness error when parsing record data from external XLS files can be exploited to cause a buffer overflow via an external XLS file defining an overly large record size. 3) Improper calculation of a pointer when parsing RealTimeData records containing a "stTopic" field that specifies use of double-byte characters in the following field can be exploited to corrupt memory when copying data from file. 4) An unspecified error when parsing certain records can be exploited to corrupt memory. 5) An error when parsing certain records can be exploited to cause a buffer overflow. 6) Improper initialisation of a variable used as the "count" argument for a call to memcpy() when parsing certain content can be exploited to cause a buffer overflow. 7) An array-indexing error when parsing certain records can be exploited to corrupt memory. 8) An error in the managing of certain data structure members when parsing certain content can be exploited to corrupt memory. 9) An error in the managing of certain data structure members when parsing certain content can be exploited to dereference an invalid pointer value. Successful exploitation of the vulnerabilities allows execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1, 2) Alin Rad Pop, Secunia Research. 4) An anonymous person via iDefense. 3, 6) Aniway via ZDI. The vendor credits: 3) Muhammad Junaid Bohio, Telus Security Labs. 5) Rodrigo Rubira Branco, Check Point Vulnerability Discovery Team. 7) Aniway via ZDI. 8, 9) An anonymous person via ZDI. ORIGINAL ADVISORY: MS11-021 (KB2464583, KB2466146, KB2466156, KB2466158, KB2466169, KB2489279, KB2502786, KB2505924, KB2505927, KB2505935, KB2525412): http://www.microsoft.com/technet/security/Bulletin/MS11-021.mspx Secunia Research: http://secunia.com/secunia_research/2011-31/ http://secunia.com/secunia_research/2011-32/ iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=901 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-120/ http://www.zerodayinitiative.com/advisories/ZDI-11-121/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 14 22:11:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Apr 2011 07:11:32 +0200 Subject: [SEC] [SA44159] Microsoft Windows Messenger ActiveX Control Unspecified Vulnerability Message-ID: <201104150511.p3F5BWmg023892@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Microsoft Windows Messenger ActiveX Control Unspecified Vulnerability SECUNIA ADVISORY ID: SA44159 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44159/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44159 RELEASE DATE: 2011-04-15 DISCUSS ADVISORY: http://secunia.com/advisories/44159/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44159/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44159 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows Messenger, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error in the Windows Messenger ActiveX Control (msgsc.dll) that can be exploited to execute arbitrary code via a specially crafted web page. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits RadLSneak via iSIGHT Partners Global Vulnerability Partnership. ORIGINAL ADVISORY: MS11-027 (KB2508272): http://www.microsoft.com/technet/security/bulletin/ms11-027.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 15 10:32:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Apr 2011 19:32:36 +0200 Subject: [SEC] [SA44170] Help & Manual Insecure Library Loading Vulnerability Message-ID: <201104151732.p3FHWaB8012598@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Help & Manual Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA44170 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44170/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44170 RELEASE DATE: 2011-04-15 DISCUSS ADVISORY: http://secunia.com/advisories/44170/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44170/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44170 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gjoko Krstic has discovered a vulnerability in Help & Manual, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. ijl15.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a HMXP (".hmxp") file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 5.5.1 Build 1296. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Gjoko Krstic ORIGINAL ADVISORY: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5009.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 15 11:31:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Apr 2011 20:31:51 +0200 Subject: [SEC] [SA44203] Joomla! Multiple Vulnerabilities Message-ID: <201104151831.p3FIVpTp003018@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Joomla! Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44203 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44203/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44203 RELEASE DATE: 2011-04-15 DISCUSS ADVISORY: http://secunia.com/advisories/44203/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44203/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44203 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Joomla!, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, conduct cross-site scripting, request forgery, and SQL injection attacks. 1) Some unspecified errors can be exploited to disclose certain information. 2) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) An unspecified error can be exploited to gain unauthorised access. 4) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 5) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain unspecified actions by tricking a user into clicking a specially crafted link via clickjacking. The vulnerabilities are reported in versions prior to 1.6.2. SOLUTION: Update to version 1.6.2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.joomla.org/announcements/release-news/5368-joomla-162-released.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 15 12:32:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Apr 2011 21:32:00 +0200 Subject: [SEC] [SA44196] Red Hat update for krb5 Message-ID: <201104151932.p3FJW0Yr025900@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Red Hat update for krb5 SECUNIA ADVISORY ID: SA44196 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44196/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44196 RELEASE DATE: 2011-04-15 DISCUSS ADVISORY: http://secunia.com/advisories/44196/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44196/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44196 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for krb5. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA44125 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0447-1: https://rhn.redhat.com/errata/RHSA-2011-0447.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 15 13:31:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Apr 2011 22:31:32 +0200 Subject: [SEC] [SA44205] SAP NetWeaver Web Application Server Cross-Site Scripting Vulnerabilities Message-ID: <201104152031.p3FKVWZL016364@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: SAP NetWeaver Web Application Server Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA44205 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44205/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44205 RELEASE DATE: 2011-04-15 DISCUSS ADVISORY: http://secunia.com/advisories/44205/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44205/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44205 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Onapsis has reported multiple vulnerabilities in SAP NetWeaver Web Application Server, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised in the ITS Mobile Start and ITS Mobile Test services before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. NOTE: Additionally, a weakness exists when handling certain input and can be exploited to redirect a client to a malicious web site. Please see the vendor's advisory for a list of affected versions. SOLUTION: Apply fixes (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Mariano Nunez Di Croce, Onapsis ORIGINAL ADVISORY: SAP: https://service.sap.com/sap/support/notes/1512134 Onapsis: http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2011-003 http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2011-004 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 15 14:25:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Apr 2011 23:25:41 +0200 Subject: [SEC] [SA44201] Novell ZENworks Configuration Management Arbitrary File Upload Vulnerability Message-ID: <201104152125.p3FLPfai006564@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Novell ZENworks Configuration Management Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA44201 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44201/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44201 RELEASE DATE: 2011-04-15 DISCUSS ADVISORY: http://secunia.com/advisories/44201/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44201/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44201 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Novell ZENworks Configuration Management, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA44120 SOLUTION: Apply patch when it becomes available. Please contact the vendor for more information. PROVIDED AND/OR DISCOVERED BY: AbdulAziz Hariri via ZDI. ORIGINAL ADVISORY: Novell: http://www.novell.com/support/viewContent.do?externalId=7007841 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-118/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 15 14:46:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Apr 2011 23:46:53 +0200 Subject: [SEC] [SA44177] EZ-Shop "specialid" SQL Injection Vulnerability Message-ID: <201104152146.p3FLkrvL027683@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: EZ-Shop "specialid" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA44177 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44177/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44177 RELEASE DATE: 2011-04-15 DISCUSS ADVISORY: http://secunia.com/advisories/44177/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44177/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44177 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Giovanni Buzzin has discovered a vulnerability in EZ-Shop, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "specialid" parameter to specialoffer.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerability is confirmed in version 1.0.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Giovanni Buzzin, "Osirys" ORIGINAL ADVISORY: http://y-osirys.com/security/exploits/id28 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 15 15:11:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Apr 2011 00:11:35 +0200 Subject: [SEC] [SA44108] Ubuntu update for kde4libs Message-ID: <201104152211.p3FMBZdB016569@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Ubuntu update for kde4libs SECUNIA ADVISORY ID: SA44108 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44108/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44108 RELEASE DATE: 2011-04-15 DISCUSS ADVISORY: http://secunia.com/advisories/44108/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44108/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44108 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for kde4libs. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA44065 SOLUTION: Apply updated packages via Launchpad. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1110-1: http://www.ubuntu.com/usn/usn-1110-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 15 15:46:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Apr 2011 00:46:24 +0200 Subject: [SEC] [SA44191] Agahi "id" SQL Injection Vulnerability Message-ID: <201104152246.p3FMkOkt005897@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Agahi "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA44191 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44191/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44191 RELEASE DATE: 2011-04-16 DISCUSS ADVISORY: http://secunia.com/advisories/44191/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44191/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44191 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Agahi, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to view_ad.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 4.0. Other versions may also be affected. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: Sepehr Security Team OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 15 16:12:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Apr 2011 01:12:38 +0200 Subject: [SEC] [SA44206] SAP NetWeaver Portal Path Disclosure Weakness Message-ID: <201104152312.p3FNCcKL027261@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: SAP NetWeaver Portal Path Disclosure Weakness SECUNIA ADVISORY ID: SA44206 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44206/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44206 RELEASE DATE: 2011-04-16 DISCUSS ADVISORY: http://secunia.com/advisories/44206/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44206/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44206 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Onapsis has reported a weakness in SAP NetWeaver Portal, which can be exploited by malicious people to disclose potentially sensitive information. The weakness is caused due to the portal displaying error messages that may contain the absolute path name of the installed component when handling specially crafted HTTP requests. Please see the vendor's advisory for a list of affected versions. SOLUTION: Apply fixes (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Jordan Santarsieri, Onapsis ORIGINAL ADVISORY: SAP: https://service.sap.com/sap/support/notes/1513182 Onapsis: http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2011-005 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 15 16:47:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Apr 2011 01:47:10 +0200 Subject: [SEC] [SA44044] Collaborative Passwords Manager "path" File Disclosure Vulnerability Message-ID: <201104152347.p3FNlAio016567@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Collaborative Passwords Manager "path" File Disclosure Vulnerability SECUNIA ADVISORY ID: SA44044 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44044/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44044 RELEASE DATE: 2011-04-16 DISCUSS ADVISORY: http://secunia.com/advisories/44044/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44044/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44044 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Kaan Kivilcim has discovered a vulnerability in Collaborative Passwords Manager, which can be exploited by malicious people to disclose sensitive information. Input passed to the "path" parameter in sources/downloadFile.php is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks. The vulnerability is confirmed in version 1.82. Other version may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Kaan Kivilcim, Sense of Security. ORIGINAL ADVISORY: SOS-11-004: http://www.senseofsecurity.com.au/advisories/SOS-11-004 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 15 17:15:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Apr 2011 02:15:06 +0200 Subject: [SEC] [SA44175] atop Insecure Temporary Files Security Issues Message-ID: <201104160015.p3G0F6Re005600@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: atop Insecure Temporary Files Security Issues SECUNIA ADVISORY ID: SA44175 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44175/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44175 RELEASE DATE: 2011-04-16 DISCUSS ADVISORY: http://secunia.com/advisories/44175/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44175/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44175 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some security issue have been reported in atop, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issues are caused due to the application creating temporary files in an insecure manner, which can be exploited to e.g. overwrite arbitrary files or delete an "atop.acct" file in an arbitrary directory via symlink attacks. The security issues are reported in version 1.26. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Reported by Teodor in a Debian bug report. ORIGINAL ADVISORY: Debian Bug #622794: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622794 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 15 17:47:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Apr 2011 02:47:59 +0200 Subject: [SEC] [SA44189] RT Multiple Vulnerabilities Message-ID: <201104160047.p3G0lxYE027245@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: RT Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44189 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44189/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44189 RELEASE DATE: 2011-04-16 DISCUSS ADVISORY: http://secunia.com/advisories/44189/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44189/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44189 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in RT, which can be exploited by malicious people to conduct spoofing attacks, cross-site scripting attacks, and disclose potentially sensitive information and by malicious users to disclose potentially sensitive information, conduct SQL injection attacks, and compromise a vulnerable system. 1) An error within the "external custom field" feature can be exploited to inject and execute arbitrary code. Successful exploitation requires that "CustomFieldValuesSources" is enabled (disabled by default). Note: This vulnerability only affects version 3.8.0 and later and can also be exploited to via cross-site request forgery attacks. 2) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting SQL code. 3) An unspecified error within the search interface can be exploited to disclose certain sensitive information (e.g. encrypted passwords). Successful exploitation requires a privileged user account. 4) An unspecified error can be exploited to trick a user into sending authentication credentials to an untrusted 3rd party server. 5) Certain input is not properly verified before being used to access files. This can be exploited to access and disclose files outside of RT's root directory via directory traversal attacks. Note: Certain servers (e.g. Apache, nginx) mitigate this attack. 6) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Update to version 3.6.11 or 3.8.10. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 15 18:12:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Apr 2011 03:12:01 +0200 Subject: [SEC] [SA44163] SimplyPlay "TWideIniFile.ReadString()" Buffer Overflow Vulnerability Message-ID: <201104160112.p3G1C1SK016105@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: SimplyPlay "TWideIniFile.ReadString()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA44163 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44163/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44163 RELEASE DATE: 2011-04-16 DISCUSS ADVISORY: http://secunia.com/advisories/44163/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44163/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44163 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in SimplyPlay, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the "TWideIniFile.ReadString()" function in WideIniFiles.pas, which can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted playlist file. The vulnerability is confirmed in revision 66. Other revisions may also be affected. SOLUTION: Do not open untrusted playlist files. PROVIDED AND/OR DISCOVERED BY: C4SS!0 G0M3S ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/17171/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 15 18:46:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Apr 2011 03:46:43 +0200 Subject: [SEC] [SA44207] Apple iOS Multiple Vulnerabilities Message-ID: <201104160146.p3G1kh7C005403@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Apple iOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44207 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44207/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44207 RELEASE DATE: 2011-04-16 DISCUSS ADVISORY: http://secunia.com/advisories/44207/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44207/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44207 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities has been reported in Apple iOS, which can be exploited by malicious people to disclose system information and compromise a vulnerable device. For more information: SA43832 SOLUTION: Upgrade to iOS 4.3.2 (downloadable and installable via iTunes). ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4606 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 15 19:18:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Apr 2011 04:18:26 +0200 Subject: [SEC] [SA44154] Apple iOS for iPhone 4 (CDMA) Multiple Vulnerabilities Message-ID: <201104160218.p3G2IQZq027498@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Apple iOS for iPhone 4 (CDMA) Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44154 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44154/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44154 RELEASE DATE: 2011-04-16 DISCUSS ADVISORY: http://secunia.com/advisories/44154/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44154/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44154 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities has been reported in Apple iOS for iPhone 4 (CDMA), which can be exploited by malicious people to compromise a vulnerable device. 1) A boundary error exists within QuickLook. For more information see vulnerability #29 in: SA43814 2) An integer overflow error exists within WebKit. For more information: SA43748 3) A use-after-free error exists within WebKit. For more information see vulnerability #2 in: SA44151 Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in iOS for iPhone 4 (CDMA) versions 4.2.5 through 4.2.6. SOLUTION: Update to iOS for iPhone 4 (CDMA) 4.2.7 (downloadable and installable via iTunes). PROVIDED AND/OR DISCOVERED BY: 1) Charlie Miller and Dion Blazakis via ZDI. 2) Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann via ZDI. 3) Vupen via ZDI. The vendor also credits Martin Barbella. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4607 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-109/ http://www.zerodayinitiative.com/advisories/ZDI-11-104/ http://www.zerodayinitiative.com/advisories/ZDI-11-135/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 15 19:46:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Apr 2011 04:46:50 +0200 Subject: [SEC] [SA44193] Fedora update for xorg-x11-server-utils Message-ID: <201104160246.p3G2koTX016535@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Fedora update for xorg-x11-server-utils SECUNIA ADVISORY ID: SA44193 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44193/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44193 RELEASE DATE: 2011-04-16 DISCUSS ADVISORY: http://secunia.com/advisories/44193/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44193/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44193 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for xorg-x11-server-utils. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a vulnerable system. For more information: SA44040 SOLUTION: Apply updated packages via the yum utility ("yum update xorg-x11-server-utils"). ORIGINAL ADVISORY: FEDORA-2011-4871: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 15 20:12:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Apr 2011 05:12:02 +0200 Subject: [SEC] [SA44049] Dotclear Arbitrary File Upload Vulnerability Message-ID: <201104160312.p3G3C21T005424@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Dotclear Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA44049 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44049/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44049 RELEASE DATE: 2011-04-16 DISCUSS ADVISORY: http://secunia.com/advisories/44049/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44049/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44049 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Dotclear, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to the "updateFile()" function in inc/core/class.dc.media.php script not properly verifying uploaded file types. This can be exploited to execute arbitrary PHP code by uploading a PHP file. Successful exploitation requires "manage their own media types" permissions. The vulnerability is confirmed in version 2.2.2. Prior versions may also be affected. SOLUTION: Update to version 2.2.3. PROVIDED AND/OR DISCOVERED BY: The vendor credits Raphael. ORIGINAL ADVISORY: http://fr.dotclear.org/blog/post/2011/04/01/Dotclear-2.2.3 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 15 20:47:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Apr 2011 05:47:07 +0200 Subject: [SEC] [SA44151] Apple Safari Two Vulnerabilities Message-ID: <201104160347.p3G3l7m0027186@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Apple Safari Two Vulnerabilities SECUNIA ADVISORY ID: SA44151 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44151/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44151 RELEASE DATE: 2011-04-16 DISCUSS ADVISORY: http://secunia.com/advisories/44151/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44151/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44151 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to compromise a user's system. 1) An integer overflow error exists within WebKit. For more information: SA43748 2) A use-after-free error within WebKit when handling WBR tags can result in an invalid pointer being dereferenced when a user views a specially crafted web page. Successful exploitation of the vulnerabilities allows execution of arbitrary code. The vulnerabilities are reported in versions prior to 5.0.5. SOLUTION: Update to version 5.0.5. PROVIDED AND/OR DISCOVERED BY: 1) Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann via ZDI. 2) Vupen via ZDI. The vendor also credits Martin Barbella. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4596 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-104/ http://www.zerodayinitiative.com/advisories/ZDI-11-135/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 15 21:12:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Apr 2011 06:12:14 +0200 Subject: [SEC] [SA44184] IBM Tivoli Directory Server Two Vulnerabilities Message-ID: <201104160412.p3G4CEBr016088@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: IBM Tivoli Directory Server Two Vulnerabilities SECUNIA ADVISORY ID: SA44184 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44184/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44184 RELEASE DATE: 2011-04-16 DISCUSS ADVISORY: http://secunia.com/advisories/44184/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44184/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44184 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in IBM Tivoli Directory Server, which can be exploited by malicious, local users to disclose sensitive information and by malicious people to compromise a vulnerable system. 1) An error within ibmslapd.exe can be exploited to cause a stack-based buffer overflow. For more information see vulnerability #2 in: SA43994 2) The TDS proxy server stores the user's password in cleartext. For more information see vulnerability #3 in: SA43994 The vulnerabilities are reported in versions 5.2 and 6.0. SOLUTION: Apply interim fixes. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Francis Provencher, Protek Research Labs via ZDI. 2) Reported by the vendor. ORIGINAL ADVISORY: IBM (IO14043, IO14044, IO14045, IO14046): http://www.ibm.com/support/docview.wss?uid=swg24029663 http://www.ibm.com/support/docview.wss?uid=swg24029672 http://www.ibm.com/support/docview.wss?uid=swg21496117 http://www.ibm.com/support/docview.wss?uid=swg21496086 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 15 21:47:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Apr 2011 06:47:20 +0200 Subject: [SEC] [SA44153] Microsoft Internet Explorer Multiple Vulnerabilities Message-ID: <201104160447.p3G4lKBJ005407@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Microsoft Internet Explorer Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44153 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44153/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44153 RELEASE DATE: 2011-04-16 DISCUSS ADVISORY: http://secunia.com/advisories/44153/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44153/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44153 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, and compromise a user's system. 1) A user-after-free error when handling an object, which is exchanged during a call to a certain function, can be exploited to dereference already freed memory and execute arbitrary code via a specially crafted web page. NOTE: According to Microsoft, this vulnerability is currently being exploited in limited, targeted attacks. 2) An error when attempting to access an uninitialised or deleted MSHTML object can be exploited to corrupt memory and execute arbitrary code when a user visits a specially crafted web page. 3) An error in the handling of the frame tag object can be exploited to disclose certain information or conduct clickjacking attacks. 4) An error in the handling of certain JavaScript objects can be exploited to bypass domain restrictions and may allow to disclose content from another domain or Internet Explorer zone. 5) An error exists in the handling of the "onPropertyChange" event when set to an object's attribute collection. This can be exploited to corrupt memory and execute arbitrary code when a user visits a specially crafted web page. NOTE: According to Microsoft, this vulnerability is currently being exploited in limited, targeted attacks. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) An anonymous person via iDefense. Also reported as a 0-day. 2) Reported by the vendor. 3, 4) The vendor credits David Bloom, Google. 5) Stephen Fewer, Harmony Security via ZDI. Also reported as a 0-day. ORIGINAL ADVISORY: MS11-018 (KB2497640): http://www.microsoft.com/technet/security/bulletin/MS11-018.mspx ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-119/ iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=900 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 15 22:11:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Apr 2011 07:11:44 +0200 Subject: [SEC] [SA44128] Vallen Zipper Buffer Overflow Vulnerability Message-ID: <201104160511.p3G5BiYd026699@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Vallen Zipper Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA44128 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44128/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44128 RELEASE DATE: 2011-04-16 DISCUSS ADVISORY: http://secunia.com/advisories/44128/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44128/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44128 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Vallen Zipper, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to the use of a vulnerable version of the Xceed Zip Compression Library. For more information: SA44099 The vulnerability is confirmed in version 2.30 (build 9.1215). SOLUTION: Do not open untrusted ZIP archives. PROVIDED AND/OR DISCOVERED BY: C4SS!0 G0M3S ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/17145/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 16 10:32:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Apr 2011 19:32:27 +0200 Subject: [SEC] [SA44185] HP Network Node Manager i Unauthorized Access and Cross-Site Scripting Vulnerabilities Message-ID: <201104161732.p3GHWROE032704@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: HP Network Node Manager i Unauthorized Access and Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA44185 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44185/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44185 RELEASE DATE: 2011-04-16 DISCUSS ADVISORY: http://secunia.com/advisories/44185/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44185/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44185 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in HP Network Node Manager i, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks. 1) An unspecified error can be exploited to gain unauthorized access to certain files. 2) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in version 9.00 running on HP-UX, Linux, Solaris, and Windows. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02643 SSRT100416: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02729035 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 16 11:32:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Apr 2011 20:32:18 +0200 Subject: [SEC] [SA44186] HP Network Node Manager i Java Double Literal Denial of Service Vulnerability Message-ID: <201104161832.p3GIWImO023166@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: HP Network Node Manager i Java Double Literal Denial of Service Vulnerability SECUNIA ADVISORY ID: SA44186 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44186/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44186 RELEASE DATE: 2011-04-16 DISCUSS ADVISORY: http://secunia.com/advisories/44186/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44186/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44186 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: HP has acknowledged a vulnerability in Network Node Manager i, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #1: SA43262 The vulnerability is reported in versions 8.1x and 9.0x running on HP-UX, Linux, Solaris, and Windows. SOLUTION: Apply Hotfixes. Please contact HP Services support channel for details. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: HPSBUX02642 SSRT100415: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02746026 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 16 12:30:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Apr 2011 21:30:46 +0200 Subject: [SEC] [SA44129] Xceed Zip Compression Library Buffer Overflow Vulnerability Message-ID: <201104161930.p3GJUkXK013570@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Xceed Zip Compression Library Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA44129 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44129/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44129 RELEASE DATE: 2011-04-16 DISCUSS ADVISORY: http://secunia.com/advisories/44129/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44129/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44129 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Xceed Zip Compression Library, which can be exploited by malicious people to potentially compromise an application using the library. The vulnerability is caused due to a boundary error when processing certain ZIP archives. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted ZIP archive in an application using the library. The vulnerability is confirmed in version 6.5.10316.0 (DLL). Other versions may also be affected. SOLUTION: Do not open untrusted ZIP archives in an application using the library. PROVIDED AND/OR DISCOVERED BY: Variant of a vulnerability originally reported in Vallen Zipper by C4SS!0 G0M3S. ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/17145/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 16 13:30:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Apr 2011 22:30:57 +0200 Subject: [SEC] [SA44171] QianBo Enterprise Web Site Management System "Keyword" Cross-Site Scripting Vulnerability Message-ID: <201104162030.p3GKUvsm004035@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: QianBo Enterprise Web Site Management System "Keyword" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA44171 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44171/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44171 RELEASE DATE: 2011-04-16 DISCUSS ADVISORY: http://secunia.com/advisories/44171/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44171/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44171 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in QianBo Enterprise Web Site Management System, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "Keyword" parameter in Search.Asp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: d3c0der OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 16 14:25:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Apr 2011 23:25:03 +0200 Subject: [SEC] [SA44121] Microsoft Reader Multiple Vulnerabilities Message-ID: <201104162125.p3GLP3Vf026654@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Microsoft Reader Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44121 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44121/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44121 RELEASE DATE: 2011-04-16 DISCUSS ADVISORY: http://secunia.com/advisories/44121/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44121/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44121 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered multiple vulnerabilities in Microsoft Reader, which can be exploited by malicious people to compromise a user's system. 1) An error in msreader.exe when parsing certain eBook content can be exploited to cause a heap-based buffer overflow via a specially crafted LIT (".lit") file. 2) An integer underflow error in msreader.exe when parsing certain eBook content can be exploited to cause a heap-based buffer overflow via a specially crafted LIT (".lit") file. 3) An input validation error in aud_file.dll when processing certain Audible Audio content can be exploited to write a NULL byte to an arbitrary memory location via a specially crafted AA (".aa") file. Successful exploitation of these vulnerabilities may allow execution of arbitrary code. The vulnerabilities are confirmed in version 2.1.1.3143. Other versions may also be affected. SOLUTION: Do not open files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/msreader_2-adv.txt http://aluigi.altervista.org/adv/msreader_3-adv.txt http://aluigi.altervista.org/adv/msreader_5-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 16 14:46:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Apr 2011 23:46:07 +0200 Subject: [SEC] [SA44140] WooThemes "Live Wire" and "Gazette Edition" WordPress Themes Multiple Vulnerabilities Message-ID: <201104162146.p3GLk7LP015377@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: WooThemes "Live Wire" and "Gazette Edition" WordPress Themes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44140 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44140/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44140 RELEASE DATE: 2011-04-16 DISCUSS ADVISORY: http://secunia.com/advisories/44140/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44140/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44140 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two security issues and two vulnerabilities have been reported in WooThemes "Live Wire" and "Gazette Edition" WordPress themes, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service). The security issues and vulnerabilities are caused due to a bundled, vulnerable version of TimThumb. For more information: SA44126 The vulnerabilities are reported in the following products and versions: * Live Wire version 2.3.1 and prior. * Gazette Edition version 2.9.4 and prior. SOLUTION: Update to the respective latest version. PROVIDED AND/OR DISCOVERED BY: MustLive ORIGINAL ADVISORY: http://packetstormsecurity.org/files/view/100238/livewire-xssdos.txt http://packetstormsecurity.org/files/view/100293/gazette-xssdos.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 16 15:11:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 17 Apr 2011 00:11:23 +0200 Subject: [SEC] [SA44126] TimThumb Cross-Site Scripting and Denial of Service Vulnerabilities Message-ID: <201104162211.p3GMBNIM004275@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: TimThumb Cross-Site Scripting and Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA44126 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44126/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44126 RELEASE DATE: 2011-04-16 DISCUSS ADVISORY: http://secunia.com/advisories/44126/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44126/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44126 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two security issues and two vulnerabilities have been reported in TimThumb, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service). 1) Input passed to the "src" parameter in timthumb.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Certain unspecified input passed to the URL query string in timthumb.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) The application handles overly large remote image data improperly, which can be exploited to cause a DoS. 4) The application processes overly large image dimensions being passed to the image resizing functionality improperly, which can be exploited to cause a DoS. SOLUTION: Update to the latest version. PROVIDED AND/OR DISCOVERED BY: 1) A TimThumb customer within a bug report. 2-4) Disclosed in SVN commits. ORIGINAL ADVISORY: timthumb Google Code: http://code.google.com/p/timthumb/issues/detail?id=49 http://code.google.com/p/timthumb/source/detail?r=88 http://code.google.com/p/timthumb/source/detail?r=114 http://code.google.com/p/timthumb/source/detail?r=123 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 18 10:31:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 18 Apr 2011 19:31:15 +0200 Subject: [SEC] [SA44174] Joomla Facebook Graph Connect Component Information Disclosure Vulnerability Message-ID: <201104181731.p3IHVFaZ011104@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Joomla Facebook Graph Connect Component Information Disclosure Vulnerability SECUNIA ADVISORY ID: SA44174 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44174/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44174 RELEASE DATE: 2011-04-18 DISCUSS ADVISORY: http://secunia.com/advisories/44174/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44174/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44174 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Facebook Graph Connect component for Joomla, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an error within an installation script and can be exploited to disclose certain information about the installed component. The vulnerability is reported in version 1.3 to 1.5(L & U). SOLUTION: Update to version 1.6. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.sikkimonline.info/fbgconnect-download/category/1-sikkimonline-downloads OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 18 11:31:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 18 Apr 2011 20:31:02 +0200 Subject: [SEC] [SA44172] Wireshark Denial of Service and Buffer Overflow Vulnerabilities Message-ID: <201104181831.p3IIV2Rv001508@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Wireshark Denial of Service and Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA44172 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44172/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44172 RELEASE DATE: 2011-04-18 DISCUSS ADVISORY: http://secunia.com/advisories/44172/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44172/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44172 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. 1) A use-after-free error within the X.509if dissector can be exploited to cause a crash via specially crafted packets. This vulnerability is reported in versions 1.2.0 through 1.2.15 and 1.4.0 through 1.4.4. 2) A data type mismatch error in epan/dissectors/packet-nfs.c (NFS dissector) can be exploited to cause a crash via specially crafted packets. This vulnerability is reported in versions 1.4.0 through 1.4.4 for Windows only. 3) An error in the DECT dissector can be exploited to cause a buffer overflow via specially crafted packets. Successful exploitation of this vulnerability may allow execution of arbitrary code. This vulnerability is reported in versions 1.4.0 through 1.4.4 running on multiple platforms. SOLUTION: Update to version 1.2.16 and 1.4.5. PROVIDED AND/OR DISCOVERED BY: 1, 2) Reported by the vendor. 3) The vendor credits Paul Makowski, SEI/CERT. ORIGINAL ADVISORY: http://www.wireshark.org/security/wnpa-sec-2011-05.html http://www.wireshark.org/security/wnpa-sec-2011-06.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 18 12:31:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 18 Apr 2011 21:31:36 +0200 Subject: [SEC] [SA44124] KDE KGet Directory Traversal Vulnerability Message-ID: <201104181931.p3IJVapY024457@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: KDE KGet Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA44124 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44124/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44124 RELEASE DATE: 2011-04-18 DISCUSS ADVISORY: http://secunia.com/advisories/44124/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44124/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44124 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in KDE, which can be exploited by malicious people to compromise a user's system. KGet does not properly sanitise the "name" attribute of the "file" element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. Note: This is caused due to an incomplete fix for SA39528. The vulnerability is reported in version 4.6.2. Other versions may also be affected. SOLUTION: Fixed in the SVN repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Disclosed in SVN commits. ORIGINAL ADVISORY: KDE: http://websvn.kde.org/branches/KDE/4.4/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227468&r2=1227467&pathrev=1227468 http://websvn.kde.org/branches/KDE/4.5/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227469&r2=1227468&pathrev=1227469 http://websvn.kde.org/branches/KDE/4.6/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227471&r2=1227470&pathrev=1227471 Launchpad Bug#757526: https://bugs.launchpad.net/ubuntu/+source/kdenetwork/+bug/757526 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 18 13:30:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 18 Apr 2011 22:30:58 +0200 Subject: [SEC] [SA44190] SUSE update for kernel Message-ID: <201104182030.p3IKUwSo014908@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: SUSE update for kernel SECUNIA ADVISORY ID: SA44190 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44190/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44190 RELEASE DATE: 2011-04-18 DISCUSS ADVISORY: http://secunia.com/advisories/44190/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44190/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44190 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for the kernel. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, cause a DoS (Denial of Service), bypass certain security restrictions, and potentially gain escalated privileges, by malicious people with physical access to potentially compromise a vulnerable system and cause a DoS, and by malicious people to cause a DoS and potentially compromise a vulnerable system. For more information: SA41321 SA41440 SA42061 SA42126 SA42176 SA42372 SA42570 SA42684 SA42765 SA43009 SA43291 SA43358 SA43594 SA43806 SA43846 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0346-1: https://hermes.opensuse.org/messages/8086845 SUSE-SA:2011:017: http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00003.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 18 14:24:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 18 Apr 2011 23:24:51 +0200 Subject: [SEC] [SA44241] SUSE update for sysconfig Message-ID: <201104182124.p3ILOp9j005091@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: SUSE update for sysconfig SECUNIA ADVISORY ID: SA44241 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44241/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44241 RELEASE DATE: 2011-04-18 DISCUSS ADVISORY: http://secunia.com/advisories/44241/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44241/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44241 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for sysconfig. This fixes a weakness, which can be exploited by malicious, local users to disclose potentially sensitive information. The weakness is caused due to the ifcfg files (e.g. /etc/sysconfig/network/ifcfg-wlan0) being changed to world-readable during a fillup run, which can be exploited to e.g. disclose the password. SOLUTION: Apply updated packages via the zypper package manager. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: SUSE-SU-2011:0344-1: https://hermes.opensuse.org/messages/8086857 openSUSE-SU-2011:0353-1: https://hermes.opensuse.org/messages/8086916 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 18 14:45:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 18 Apr 2011 23:45:50 +0200 Subject: [SEC] [SA44179] SUSE update for dhcp6 Message-ID: <201104182145.p3ILjovj026210@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: SUSE update for dhcp6 SECUNIA ADVISORY ID: SA44179 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44179/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44179 RELEASE DATE: 2011-04-18 DISCUSS ADVISORY: http://secunia.com/advisories/44179/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44179/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44179 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for dhcp6. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA44037 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0305-5: https://hermes.opensuse.org/messages/8086792 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 18 15:10:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Apr 2011 00:10:52 +0200 Subject: [SEC] [SA44173] SUSE update for libmodplug Message-ID: <201104182210.p3IMAqSV015119@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: SUSE update for libmodplug SECUNIA ADVISORY ID: SA44173 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44173/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44173 RELEASE DATE: 2011-04-18 DISCUSS ADVISORY: http://secunia.com/advisories/44173/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44173/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44173 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for libmodplug. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library. For more information: SA44054 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0350-1: https://hermes.opensuse.org/messages/8086915 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 18 15:45:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Apr 2011 00:45:47 +0200 Subject: [SEC] [SA44181] SUSE update for krb5 Message-ID: <201104182245.p3IMjll2004447@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: SUSE update for krb5 SECUNIA ADVISORY ID: SA44181 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44181/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44181 RELEASE DATE: 2011-04-19 DISCUSS ADVISORY: http://secunia.com/advisories/44181/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44181/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44181 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for krb5. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA44125 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0348-1: https://hermes.opensuse.org/messages/8086843 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 18 16:11:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Apr 2011 01:11:35 +0200 Subject: [SEC] [SA44169] SUSE update for wireshark Message-ID: <201104182311.p3INBZOr025800@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: SUSE update for wireshark SECUNIA ADVISORY ID: SA44169 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44169/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44169 RELEASE DATE: 2011-04-19 DISCUSS ADVISORY: http://secunia.com/advisories/44169/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44169/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44169 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43554 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0347-1: https://hermes.opensuse.org/messages/8086844 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 18 16:45:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Apr 2011 01:45:37 +0200 Subject: [SEC] [SA44223] Skype for Android Insecure File Permissions Weakness Message-ID: <201104182345.p3INjbYO015119@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Skype for Android Insecure File Permissions Weakness SECUNIA ADVISORY ID: SA44223 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44223/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44223 RELEASE DATE: 2011-04-19 DISCUSS ADVISORY: http://secunia.com/advisories/44223/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44223/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44223 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Justin Case has reported a weakness in Skype for Android, which can be exploited by malicious people to gain access to sensitive information. The weakness is caused due to the application setting insecure permissions for files, which contain cached profile information and instant messages and can be exploited to disclose or manipulate stored information. Successful exploitation may require tricking a user into installing a malicious application. SOLUTION: Do not install applications from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Justin Case ORIGINAL ADVISORY: Skype: http://blogs.skype.com/security/2011/04/privacy_vulnerability_in_skype.html Justin Case: http://www.androidpolice.com/2011/04/14/exclusive-vulnerability-in-skype-for-android-is-exposing-your-name-phone-number-chat-logs-and-a-lot-more/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 18 17:13:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Apr 2011 02:13:45 +0200 Subject: [SEC] [SA44239] Fedora update for tmux Message-ID: <201104190013.p3J0DjAn004138@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Fedora update for tmux SECUNIA ADVISORY ID: SA44239 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44239/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44239 RELEASE DATE: 2011-04-19 DISCUSS ADVISORY: http://secunia.com/advisories/44239/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44239/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44239 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for tmux. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges. For more information: SA44081 SOLUTION: Apply updated packages using the yum utility ("yum update tmux"). ORIGINAL ADVISORY: FEDORA-2011-5167: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058367.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 18 17:45:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Apr 2011 02:45:41 +0200 Subject: [SEC] [SA44104] Thunar "thunar_transfer_job_copy_node()" Format String Vulnerability Message-ID: <201104190045.p3J0jfpp025771@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Thunar "thunar_transfer_job_copy_node()" Format String Vulnerability SECUNIA ADVISORY ID: SA44104 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44104/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44104 RELEASE DATE: 2011-04-19 DISCUSS ADVISORY: http://secunia.com/advisories/44104/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44104/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44104 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Thunar, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a format sting error within the "thunar_transfer_job_copy_node()" function in thunar/thunar-transfer-job.c when handling filenames containing format specifiers. This can be exploited by e.g. tricking a user into copying a malicious named file. The vulnerability is confirmed in version 1.3.0. Other versions may also be affected. SOLUTION: Fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://git.xfce.org/xfce/thunar/diff/?id=03dd312e157d4fa8a11d5fa402706ae5b05806fa OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 18 18:10:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Apr 2011 03:10:28 +0200 Subject: [SEC] [SA44238] Fedora update for libmodplug Message-ID: <201104190110.p3J1ASNN014663@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Fedora update for libmodplug SECUNIA ADVISORY ID: SA44238 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44238/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44238 RELEASE DATE: 2011-04-19 DISCUSS ADVISORY: http://secunia.com/advisories/44238/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44238/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44238 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for libmodplug. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library. For more information: SA44054 SOLUTION: Apply updated packages using the yum utility ("yum update libmodplug"). ORIGINAL ADVISORY: FEDORA-2011-5204: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058368.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 18 18:24:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Apr 2011 03:24:51 +0200 Subject: [SEC] [SA44219] MyBB Information Disclosure and SQL Injection Vulnerabilities Message-ID: <201104190124.p3J1Oppq003048@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: MyBB Information Disclosure and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA44219 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44219/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44219 RELEASE DATE: 2011-04-19 DISCUSS ADVISORY: http://secunia.com/advisories/44219/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44219/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44219 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue and a vulnerability have been discovered in MyBB, which can be exploited by malicious people to disclose certain sensitive information and conduct SQL injection attacks. 1) The application incorrectly handles malformed SQL queries. This can be exploited to disclose certain sensitive information via SQL error messages by performing a "standard" search. 2) Input passed via the "mybb[forumread]" cookie parameter to showthread.php (when the "action" parameter is set to "newpost") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 1.6.2 and reported in version 1.4.15. Prior versions may also be affected. SOLUTION: Update to version 1.6.3 or 1.4.16. PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor. 2) The vendor credits thebod. ORIGINAL ADVISORY: MyBB: http://blog.mybb.com/2011/04/17/mybb-1-6-3-and-1-4-16-security-update/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 18 18:45:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Apr 2011 03:45:50 +0200 Subject: [SEC] [SA44224] Perl Jifty::DBI SQL Injection Vulnerabilities Message-ID: <201104190145.p3J1joqs024190@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Perl Jifty::DBI SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA44224 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44224/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44224 RELEASE DATE: 2011-04-19 DISCUSS ADVISORY: http://secunia.com/advisories/44224/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44224/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44224 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Perl Jifty::DBI, which can be exploited by malicious people to conduct SQL injection attacks. Certain input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting SQL code. The vulnerabilities are reported in versions prior to 0.68. SOLUTION: Update to version 0.68. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://cpansearch.perl.org/src/SARTAK/Jifty-DBI-0.68/Changes http://lists.jifty.org/pipermail/jifty-devel/2011-April/002424.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 18 19:17:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Apr 2011 04:17:33 +0200 Subject: [SEC] [SA44051] Mojolicious Directory Traversal Vulnerability Message-ID: <201104190217.p3J2HXcl013862@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Mojolicious Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA44051 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44051/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44051 RELEASE DATE: 2011-04-19 DISCUSS ADVISORY: http://secunia.com/advisories/44051/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44051/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44051 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Mojolicious, which can be exploited by malicious people to disclose potentially sensitive information. Input passed via the URL is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks. The vulnerability is reported in versions prior to 1.16. SOLUTION: Update to version 1.16. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Viacheslav Tykhanovskyi ORIGINAL ADVISORY: https://github.com/kraih/mojo/issues/114 http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changes OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 18 19:45:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Apr 2011 04:45:51 +0200 Subject: [SEC] [SA44240] Fedora update for proftpd Message-ID: <201104190245.p3J2jpiT002886@CRON-IX-2.intnet> ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Fedora update for proftpd SECUNIA ADVISORY ID: SA44240 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44240/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44240 RELEASE DATE: 2011-04-19 DISCUSS ADVISORY: http://secunia.com/advisories/44240/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44240/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44240 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for proftpd. This fixes two vulnerabilities, which can be exploited by malicious people to manipulate certain data and cause a DoS (Denial of Service). For more information: SA43234 SOLUTION: Apply updated packages using the yum utility ("yum update proftpd"). ORIGINAL ADVISORY: FEDORA-2011-5033: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058356.html FEDORA-2011-5040: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058344.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 19 10:31:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Apr 2011 19:31:30 +0200 Subject: [SEC] [SA44236] RSA Adaptive Authentication Cross-Site Scripting Vulnerability Message-ID: <201104191731.p3JHVUFP030572@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: RSA Adaptive Authentication Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA44236 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44236/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44236 RELEASE DATE: 2011-04-19 DISCUSS ADVISORY: http://secunia.com/advisories/44236/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44236/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44236 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in RSA Adaptive Authentication, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain input passed to an unspecified Flash Shockwave file is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions 2.x, 5.7.x, and 6.x. SOLUTION: Apply hotfix from RSA SecurCare Online. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: RSA: http://archives.neohapsis.com/archives/bugtraq/2011-04/att-0169/ESA-2011-014.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 19 11:31:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Apr 2011 20:31:11 +0200 Subject: [SEC] [SA44230] HP Network Node Manager i Unspecified Security Bypass Vulnerability Message-ID: <201104191831.p3JIVBwL021030@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: HP Network Node Manager i Unspecified Security Bypass Vulnerability SECUNIA ADVISORY ID: SA44230 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44230/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44230 RELEASE DATE: 2011-04-19 DISCUSS ADVISORY: http://secunia.com/advisories/44230/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44230/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44230 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP Network Node Manager i, which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to an unspecified error and can be exploited to gain unauthorized access to NNMi processes. The vulnerability is reported in version 9.0x running on HP-UX, Linux, Solaris, and Windows platforms. SOLUTION: Apply patch and install hotfix QCCR1B87364. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02659 SSRT100440: https://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02788734 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 19 12:31:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Apr 2011 21:31:06 +0200 Subject: [SEC] [SA44176] Ubuntu update for kdenetwork Message-ID: <201104191931.p3JJV6aG011502@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Ubuntu update for kdenetwork SECUNIA ADVISORY ID: SA44176 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44176/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44176 RELEASE DATE: 2011-04-19 DISCUSS ADVISORY: http://secunia.com/advisories/44176/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44176/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44176 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for kdenetwork. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA44124 SOLUTION: Apply updated packages via Launchpad. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1114-1: http://www.ubuntu.com/usn/usn-1114-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 19 13:30:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Apr 2011 22:30:53 +0200 Subject: [SEC] [SA44195] Ubuntu update for postfix Message-ID: <201104192030.p3JKUrIL001918@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Ubuntu update for postfix SECUNIA ADVISORY ID: SA44195 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44195/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44195 RELEASE DATE: 2011-04-19 DISCUSS ADVISORY: http://secunia.com/advisories/44195/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44195/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44195 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for postfix. This fixes a vulnerability, which can be exploited by malicious people to manipulate certain data. For more information: SA43646 SOLUTION: Apply updated packages via Launchpad. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1113-1: http://www.ubuntu.com/usn/usn-1113-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 19 14:24:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Apr 2011 23:24:40 +0200 Subject: [SEC] [SA44237] EMC NetWorker Insecure File Permissions Privilege Escalation Security Issue Message-ID: <201104192124.p3JLOeCm024570@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: EMC NetWorker Insecure File Permissions Privilege Escalation Security Issue SECUNIA ADVISORY ID: SA44237 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44237/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44237 RELEASE DATE: 2011-04-19 DISCUSS ADVISORY: http://secunia.com/advisories/44237/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44237/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44237 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in EMC NetWorker, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to an unspecified file having insecure file permissions. This can be exploited to execute arbitrary code with elevated privileges. Successful exploitation requires the environment to utilise a client push. The security issue is reported in versions 7.5.x and 7.6.x. SOLUTION: Update to version 7.5.4.3 or 7.6.1.5. PROVIDED AND/OR DISCOVERED BY: The vendor credits Stefan Wuensch, Harvard University. ORIGINAL ADVISORY: EMC: http://archives.neohapsis.com/archives/bugtraq/2011-04/att-0168/ESA-2011-013.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 19 14:45:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Apr 2011 23:45:47 +0200 Subject: [SEC] [SA44167] Debian update for xmlsec1 Message-ID: <201104192145.p3JLjlQJ013289@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Debian update for xmlsec1 SECUNIA ADVISORY ID: SA44167 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44167/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44167 RELEASE DATE: 2011-04-19 DISCUSS ADVISORY: http://secunia.com/advisories/44167/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44167/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44167 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for xmlsec1. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA43920 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2219-1: http://www.debian.org/security/2011/dsa-2219 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 19 15:10:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Apr 2011 00:10:32 +0200 Subject: [SEC] [SA44217] Joomla! Akeeba Backup Component Information Disclosure and Denial of Service Vulnerabilities Message-ID: <201104192210.p3JMAWL1002122@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Joomla! Akeeba Backup Component Information Disclosure and Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA44217 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44217/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44217 RELEASE DATE: 2011-04-19 DISCUSS ADVISORY: http://secunia.com/advisories/44217/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44217/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44217 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and a vulnerability have been reported in the Akeeba Backup component for Joomla!, which can be exploited by malicious people to disclose certain system information and cause a DoS (Denial of Service). 1) An unspecified error can be exploited to disclose the folder structure of a vulnerable system. No further information is currently available. 2) An unspecified error can be exploited to exhaust disk space of a vulnerable system and cause a crash. No further information is currently available. The vulnerabilities are reported in versions prior to 3.2.7. SOLUTION: Update to version 3.2.7. PROVIDED AND/OR DISCOVERED BY: The vendor credits Jeff Channel. ORIGINAL ADVISORY: Akeeba Backup Release Note: https://www.akeebabackup.com/home/item/1091-akeeba-backup-3-2-7.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 19 15:26:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Apr 2011 00:26:33 +0200 Subject: [SEC] [SA44199] SoftXMLCMS Arbitrary File Upload Vulnerability Message-ID: <201104192226.p3JMQX7O023078@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: SoftXMLCMS Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA44199 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44199/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44199 RELEASE DATE: 2011-04-20 DISCUSS ADVISORY: http://secunia.com/advisories/44199/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44199/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44199 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in SoftXMLCMS, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the XMLEditor2.0/uploadfile1.asp script improperly verifying uploaded file types. This can be exploited to upload an ASP file and execute arbitrary ASP code. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: *Alexander* OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 19 15:45:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Apr 2011 00:45:52 +0200 Subject: [SEC] [SA44202] IBM Lotus Symphony OpenOffice.org Multiple Vulnerabilities Message-ID: <201104192245.p3JMjqED011722@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: IBM Lotus Symphony OpenOffice.org Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44202 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44202/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44202 RELEASE DATE: 2011-04-20 DISCUSS ADVISORY: http://secunia.com/advisories/44202/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44202/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44202 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged multiple vulnerabilities in IBM Lotus Symphony, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a user's system. For more information: SA40775 SOLUTION: Update to version 3.0.0 Fix Pack 2. ORIGINAL ADVISORY: https://www.ibm.com/support/docview.wss?uid=swg21496070 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 19 16:11:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Apr 2011 01:11:34 +0200 Subject: [SEC] [SA43944] SQL-Ledger "file" Directory Traversal and File Manipulation Vulnerabilities Message-ID: <201104192311.p3JNBYOd000603@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: SQL-Ledger "file" Directory Traversal and File Manipulation Vulnerabilities SECUNIA ADVISORY ID: SA43944 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43944/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43944 RELEASE DATE: 2011-04-20 DISCUSS ADVISORY: http://secunia.com/advisories/43944/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43944/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43944 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in SQL-Ledger, which can be exploited by malicious users to disclose sensitive information, manipulate certain data, and compromise a vulnerable system. 1) Input passed via the "file" parameter to am.pl (when "login" is set, "type" is set to "template", "path" is set to "bin/mozilla", and "action" is set to "Edit") is not properly verified in SL/AM.pm before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks. 2) Input passed via the "file" parameter to am.pl (when "login" is set, "type" is set to "template", "path" is set to "bin/mozilla", "action" is set to "Save", and "body" is set to arbitrary code) is not properly verified in SL/AM.pm before editing arbitrary files. This can be exploited to execute arbitrary Perl code by editing arbitrary Perl files. The vulnerabilities are confirmed in version 2.8.33. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: bitform ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/17174/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 19 16:45:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Apr 2011 01:45:47 +0200 Subject: [SEC] [SA44235] WordPress Mimbo Pro Theme Cross-Site Scripting and Denial of Service Vulnerabilities Message-ID: <201104192345.p3JNjlMV022384@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: WordPress Mimbo Pro Theme Cross-Site Scripting and Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA44235 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44235/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44235 RELEASE DATE: 2011-04-20 DISCUSS ADVISORY: http://secunia.com/advisories/44235/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44235/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44235 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two security issues and two vulnerabilities have been reported in the Mimbo Pro theme for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service). The security issues and vulnerabilities are caused due to a bundled, vulnerable version of TimThumb. For more information: SA44126 SOLUTION: Update to the latest version. PROVIDED AND/OR DISCOVERED BY: MustLive ORIGINAL ADVISORY: http://websecurity.com.ua/4913/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 19 17:13:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Apr 2011 02:13:57 +0200 Subject: [SEC] [SA44242] Red Hat update for libtiff Message-ID: <201104200013.p3K0DvPI011439@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Red Hat update for libtiff SECUNIA ADVISORY ID: SA44242 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44242/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44242 RELEASE DATE: 2011-04-20 DISCUSS ADVISORY: http://secunia.com/advisories/44242/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44242/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44242 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for libtiff. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library. For more information: SA43593 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0452-1: https://rhn.redhat.com/errata/RHSA-2011-0452.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 19 17:45:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Apr 2011 02:45:57 +0200 Subject: [SEC] [SA44243] Red Hat update for flash-plugin Message-ID: <201104200045.p3K0jvQn000590@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Red Hat update for flash-plugin SECUNIA ADVISORY ID: SA44243 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44243/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44243 RELEASE DATE: 2011-04-20 DISCUSS ADVISORY: http://secunia.com/advisories/44243/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44243/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44243 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for flash-plugin. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA44119 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0451-1: https://rhn.redhat.com/errata/RHSA-2011-0451.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 19 18:10:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Apr 2011 03:10:39 +0200 Subject: [SEC] [SA44222] Slackware update for acl Message-ID: <201104200110.p3K1Ad5S021938@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Slackware update for acl SECUNIA ADVISORY ID: SA44222 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44222/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44222 RELEASE DATE: 2011-04-20 DISCUSS ADVISORY: http://secunia.com/advisories/44222/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44222/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44222 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Slackware has issued an update for acl. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges. For more information: SA37907 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SSA:2011-108-01: http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.480314 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 19 18:24:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Apr 2011 03:24:49 +0200 Subject: [SEC] [SA44200] rdesktop Disk Redirection Directory Traversal Vulnerability Message-ID: <201104200124.p3K1OniB010348@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: rdesktop Disk Redirection Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA44200 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44200/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44200 RELEASE DATE: 2011-04-20 DISCUSS ADVISORY: http://secunia.com/advisories/44200/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44200/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44200 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in rdesktop, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error within the disk redirection feature, which can be exploited to manipulate files outside of the intended root folder via directory traversal attacks by e.g. tricking a user into connecting to a malicious server. The vulnerability is reported in versions prior to 1.7.0. SOLUTION: Update to version 1.7.0. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Noam Rathaus, Beyond Security. ORIGINAL ADVISORY: rdesktop: http://sourceforge.net/mailarchive/message.php?msg_id=27376554 http://rdesktop.svn.sourceforge.net/viewvc/rdesktop?view=revision&revision=1626 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 19 18:45:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Apr 2011 03:45:44 +0200 Subject: [SEC] [SA44178] SUSE update for OpenOffice_org Message-ID: <201104200145.p3K1ji4k031477@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: SUSE update for OpenOffice_org SECUNIA ADVISORY ID: SA44178 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44178/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44178 RELEASE DATE: 2011-04-20 DISCUSS ADVISORY: http://secunia.com/advisories/44178/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44178/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44178 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for OpenOffice_org. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a user's system. For more information: SA40775 SOLUTION: Apply updated packages via the zypper package manager. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: openSUSE-SU-2011:0336-1: https://hermes.opensuse.org/messages/8086783 openSUSE-SU-2011:0337-1: https://hermes.opensuse.org/messages/8086782 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 19 19:21:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Apr 2011 04:21:14 +0200 Subject: [SEC] [SA44115] SUSE update for nbd Message-ID: <201104200221.p3K2LEwL022489@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: SUSE update for nbd SECUNIA ADVISORY ID: SA44115 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44115/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44115 RELEASE DATE: 2011-04-20 DISCUSS ADVISORY: http://secunia.com/advisories/44115/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44115/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44115 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for nbd. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system. For more information: SA18135 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0343-1: https://hermes.opensuse.org/messages/8086862 openSUSE-SU-2011:0193-2: https://hermes.opensuse.org/messages/8086846 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 19 19:46:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Apr 2011 04:46:52 +0200 Subject: [SEC] [SA44233] Fedora update for dhcp Message-ID: <201104200246.p3K2kq64011418@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Fedora update for dhcp SECUNIA ADVISORY ID: SA44233 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44233/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44233 RELEASE DATE: 2011-04-20 DISCUSS ADVISORY: http://secunia.com/advisories/44233/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44233/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44233 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for dhcp. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. For more information: SA43006 SA44037 SOLUTION: Apply updated packages using the yum utility ("yum update dhcp"). ORIGINAL ADVISORY: FEDORA-2011-0848: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058455.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 20 10:32:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Apr 2011 19:32:01 +0200 Subject: [SEC] [SA44261] IBM Tivoli Netview for z/OS Java Double Literal Denial of Service Message-ID: <201104201732.p3KHW1pV006682@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: IBM Tivoli Netview for z/OS Java Double Literal Denial of Service SECUNIA ADVISORY ID: SA44261 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44261/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44261 RELEASE DATE: 2011-04-20 DISCUSS ADVISORY: http://secunia.com/advisories/44261/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44261/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44261 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a vulnerability in Tivoli Netview for z/OS, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #1: SA43262 The vulnerability is reported in versions 5.2.0, 5.3.0, and 5.4.0. SOLUTION: Fixes are scheduled for to be available on April 21, 2011. ORIGINAL ADVISORY: https://www-304.ibm.com/support/docview.wss?uid=swg1OA35932 https://www-304.ibm.com/support/docview.wss?uid=swg21469285 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 20 11:32:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Apr 2011 20:32:19 +0200 Subject: [SEC] [SA44277] Oracle E-Business Suite Multiple Vulnerabilities Message-ID: <201104201832.p3KIWJ9K029552@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle E-Business Suite Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44277 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44277/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44277 RELEASE DATE: 2011-04-20 DISCUSS ADVISORY: http://secunia.com/advisories/44277/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44277/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44277 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Oracle E-Business Suite, which can be exploited by malicious, local users to gain escalated privileges, by malicious users to disclose potentially sensitive information, and by malicious people to disclose potentially sensitive information and manipulate certain data. 1) An unspecified error in the Data Export component can be exploited to disclose certain information. 2) An unspecified error in the Web ADI component can be exploited to manipulate certain data. 3) An unspecified error in the Applications Install component can be exploited by authenticated users to disclose certain information. 4) An unspecified error in the Applications Install component can be exploited by local users to escalate privileges and disclose certain information. The vulnerabilities are reported in the following products: * Oracle E-Business Suite Release 12 versions 12.0.6, 12.1.1, 12.1.2, and 12.1.3. * Oracle E-Business Suite Release 11i version 11.5.10.2. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixEBS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 20 12:31:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Apr 2011 21:31:29 +0200 Subject: [SEC] [SA44305] Sun OpenSSO Enterprise and Java System Access Manager Two Vulnerabilities Message-ID: <201104201931.p3KJVTkq020006@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Sun OpenSSO Enterprise and Java System Access Manager Two Vulnerabilities SECUNIA ADVISORY ID: SA44305 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44305/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44305 RELEASE DATE: 2011-04-20 DISCUSS ADVISORY: http://secunia.com/advisories/44305/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44305/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44305 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Sun OpenSSO Enterprise and Java System Access Manager, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to manipulate certain data. 1) An unspecified error in the Authentication component can be exploited to manipulate certain data. 2) An unspecified error in the Authentication component can be exploited by authenticated users to disclose certain information. The vulnerabilities are reported in the following products: * Sun OpenSSO Enterprise 8.0 * Sun Java System Access Manager 7.1 SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixSUNS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 20 13:33:13 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Apr 2011 22:33:13 +0200 Subject: [SEC] [SA44283] Oracle Solaris Multiple Vulnerabilities Message-ID: <201104202033.p3KKXDrs010550@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle Solaris Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44283 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44283/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44283 RELEASE DATE: 2011-04-20 DISCUSS ADVISORY: http://secunia.com/advisories/44283/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44283/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44283 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Oracle Solaris, which can be exploited by malicious, local users to gain escalated privileges, disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service) and by malicious people to cause a DoS (Denial of Service). 1) An unspecified error in the Administration Utilities component can be exploited by local users to escalate privileges and disclose certain data. 2) An unspecified error in the kernel can be exploited to cause a DoS via specially crafted Stream Control Transmission Protocol (SCTP) packets. 3) An unspecified error in the kernel can be exploited by local users to cause a DoS. 4) An unspecified error in the SPARC kernel can be exploited by local users to cause a DoS. 5) A second unspecified error in the kernel can be exploited by local users to cause a DoS. 6) An unspecified error in the Loopback File System (LOFS) can be exploited by local users to cause a DoS. 7) An unspecified error in the cp utility can be exploited by local users to disclose and manipulate certain data. 8) An unspecified error in the uucp utility can be exploited by local users to escalate privileges and disclose and manipulate certain data. 9) An unspecified error in the wbem component can be exploited by local users to disclose certain data. Please see the vendor's advisory for a list of affected versions. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixSUNS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 20 14:26:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Apr 2011 23:26:19 +0200 Subject: [SEC] [SA44303] Oracle iPlanet Web Server Java Double Literal Parsing Denial of Service Vulnerability Message-ID: <201104202126.p3KLQJvk000666@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle iPlanet Web Server Java Double Literal Parsing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA44303 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44303/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44303 RELEASE DATE: 2011-04-20 DISCUSS ADVISORY: http://secunia.com/advisories/44303/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44303/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44303 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged a vulnerability in Oracle iPlanet Web Server, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #1 in: SA43262 The vulnerability is reported versions 6.1 and 7.0. SOLUTION: Apply updates (please see the vendor's advisory for details). ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixSUNS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 20 14:46:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Apr 2011 23:46:23 +0200 Subject: [SEC] [SA44253] fail2ban Insecure Default Temporary Files Weakness Message-ID: <201104202146.p3KLkNjA021798@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: fail2ban Insecure Default Temporary Files Weakness SECUNIA ADVISORY ID: SA44253 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44253/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44253 RELEASE DATE: 2011-04-20 DISCUSS ADVISORY: http://secunia.com/advisories/44253/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44253/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44253 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some weaknesses have been reported in fail2ban, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The weaknesses are caused due to the dshield, mail-buffered, sendmail-buffered, and mynetwatchman actions using insecure temporary files by default, which can be exploited to e.g. append data to arbitrary files via symlink attacks. The weaknesses are reported in version 0.8.4. Other versions may also be affected. SOLUTION: Change the "tmpfile" option in the affected actions to a trusted directory. PROVIDED AND/OR DISCOVERED BY: Reported by Tomasz Papszun in a Debian bug. ORIGINAL ADVISORY: Debian Bug #544232: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=544232 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 20 15:11:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Apr 2011 00:11:06 +0200 Subject: [SEC] [SA44301] Oracle Communications Messaging Server "STARTTLS" Plaintext Injection Vulnerability Message-ID: <201104202211.p3KMB6e3010698@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle Communications Messaging Server "STARTTLS" Plaintext Injection Vulnerability SECUNIA ADVISORY ID: SA44301 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44301/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44301 RELEASE DATE: 2011-04-20 DISCUSS ADVISORY: http://secunia.com/advisories/44301/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44301/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44301 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Oracle Communications Messaging Server, which can be exploited by malicious people to manipulate certain data. The vulnerability is caused due to the TLS implementation within the SMTP, IMAP, and POP servers not properly clearing transport layer buffers when upgrading from plaintext to ciphertext after receiving the "STARTTLS" command. For more information: SA43646 The vulnerability is reported in the following products: * Oracle Communications Messaging Exchange Server 7.0 * Sun Java System Messaging Server 6.3 SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported this vulnerability as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixSUNS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 20 15:48:04 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Apr 2011 00:48:04 +0200 Subject: [SEC] [SA44111] Microsiga Protheus Memory Corruption Vulnerability Message-ID: <201104202248.p3KMm4BY032536@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Microsiga Protheus Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA44111 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44111/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44111 RELEASE DATE: 2011-04-21 DISCUSS ADVISORY: http://secunia.com/advisories/44111/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44111/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44111 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fl?vio do Carmo J?nior has reported a vulnerability in Microsiga Protheus, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error, which can be exploited to cause a memory corruption by sending specially crafted packets. The vulnerability is reported in Microsiga Protheus 8 (20081215030344) and Microsiga Protheus 10 (20100812040605). Other versions may also be affected. SOLUTION: Reportedly, the vendor has issued a fixed version. PROVIDED AND/OR DISCOVERED BY: Fl?vio do Carmo J?nior, DcLabs Security Research Group ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2011-04/0208.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 20 16:14:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Apr 2011 01:14:01 +0200 Subject: [SEC] [SA44279] Oracle JD Edwards EnterpriseOne Tools Multiple Vulnerabilities Message-ID: <201104202314.p3KNE13S021489@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle JD Edwards EnterpriseOne Tools Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44279 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44279/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44279 RELEASE DATE: 2011-04-21 DISCUSS ADVISORY: http://secunia.com/advisories/44279/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44279/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44279 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Oracle JD Edwards EnterpriseOne Tools, which can be exploited by malicious people to conduct cross-site scripting attacks, manipulate data, gain knowledge of sensitive information, cause a DoS (Denial of Service), and potentially compromise a vulnerable system. 1) An unspecified error in the Enterprise Infrastructure SEC component can be exploited to potentially compromise a vulnerable system. 2) An unspecified error in the Enterprise Infrastructure SEC component can be exploited to disclose and manipulate certain data. 3) An unspecified error in the Enterprise Infrastructure SEC component can be exploited to manipulate certain data and cause a DoS. 4) An unspecified error in the Enterprise Infrastructure SEC component can be exploited to cause a DoS. 5) An unspecified error in the Enterprise Infrastructure SEC component can be exploited to cause a DoS. 6) An unspecified error in the Enterprise Infrastructure SEC component can be exploited to manipulate certain data. 7) An unspecified error in the Enterprise Infrastructure SEC component can be exploited to manipulate certain data. 8) Input passed to various scripts is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: 8) Juan Manuel Garcia, CYBSEC Labs. It is currently unclear who reported the other vulnerabilities as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporters provide more information. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixJDE CYBSEC Labs: http://archives.neohapsis.com/archives/fulldisclosure/current/0322.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 20 16:46:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Apr 2011 01:46:27 +0200 Subject: [SEC] [SA44302] Sun Java Dynamic Management Kit Unspecified Vulnerability Message-ID: <201104202346.p3KNkRbs010726@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Sun Java Dynamic Management Kit Unspecified Vulnerability SECUNIA ADVISORY ID: SA44302 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44302/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44302 RELEASE DATE: 2011-04-21 DISCUSS ADVISORY: http://secunia.com/advisories/44302/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44302/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44302 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Sun Java Dynamic Management Kit, which can be exploited by malicious people to manipulate certain data. The vulnerability is caused due to an unspecified error in the HTML Adaptor component. No further information is currently available. The vulnerability is reported in version 5.1. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported this vulnerability as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixSUNS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 20 17:14:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Apr 2011 02:14:47 +0200 Subject: [SEC] [SA44300] Sun GlassFish Enterprise Server and Java System Application Server Authentication Bypass Message-ID: <201104210014.p3L0El0x032176@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Sun GlassFish Enterprise Server and Java System Application Server Authentication Bypass SECUNIA ADVISORY ID: SA44300 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44300/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44300 RELEASE DATE: 2011-04-21 DISCUSS ADVISORY: http://secunia.com/advisories/44300/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44300/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44300 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Sun GlassFish Enterprise Server and Java System Application Server, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system. The vulnerability is caused due to an error when handling exceptions in the Web Administration component. This can be exploited to bypass the authentication mechanism via specially crafted HTTP GET requests sent to TCP port 4848. Successful exploitation may allow execution of arbitrary code. The vulnerabilities are reported in the following products: * Sun GlassFish Enterprise Server 2.1 and 2.1.1 * Sun GlassFish Enterprise Server 3.0.1 * Sun Java System Application Server 9.1 SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Jason Bowes via ZDI. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixSUNS ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-137/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 20 17:46:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Apr 2011 02:46:26 +0200 Subject: [SEC] [SA44288] Sun Java System Access Manager Policy Agent Two Vulnerabilities Message-ID: <201104210046.p3L0kQow021380@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Sun Java System Access Manager Policy Agent Two Vulnerabilities SECUNIA ADVISORY ID: SA44288 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44288/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44288 RELEASE DATE: 2011-04-21 DISCUSS ADVISORY: http://secunia.com/advisories/44288/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44288/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44288 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Sun Java System Access Manager Policy Agent, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. 1) An error exists in NSS within the regular expression parser and can be exploited to cause a heap-based buffer overflow. For more information see vulnerability #1 in: SA36093 2) An unspecified error in the Web Proxy Agent component can be exploited to cause a DoS. The vulnerabilities are reported in version 2.2. SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported vulnerability #2 as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: Oracle: http://blogs.sun.com/security/entry/cve_2009_2404_vulnerability_in http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixSUNS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 20 18:11:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Apr 2011 03:11:37 +0200 Subject: [SEC] [SA44297] Oracle PeopleSoft Enterprise HRMS Multiple Vulnerabilities Message-ID: <201104210111.p3L1BbZd010299@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle PeopleSoft Enterprise HRMS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44297 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44297/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44297 RELEASE DATE: 2011-04-21 DISCUSS ADVISORY: http://secunia.com/advisories/44297/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44297/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44297 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Oracle PeopleSoft Enterprise HRMS, which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data. 1) An unspecified error in the ePerformance component can be exploited to disclose and manipulate certain data. 2) A second unspecified error in the ePerformance component can be exploited to disclose and manipulate certain data. 3) An unspecified error in the Pension Administration component can be exploited to disclose and manipulate certain data. 4) An unspecified error in the Talent Acquisition Manager component can be exploited to disclose and manipulate certain data. 5) An unspecified error in the Global Payroll North America component can be exploited to disclose and manipulate certain data. 6) An unspecified error in the Global Payroll Spain component can be exploited to disclose and manipulate certain data. 7) An unspecified error in the Global Payroll Core component can be exploited to disclose and manipulate certain data. The vulnerabilities are reported in versions 9.0 Bundle #15, 9.1 Bundle #5, 9.0 Tax Update 11-B, 9.1 Tax Update 11-B, 9.0 Update 2011-B, and 9.1 Update 20111-B. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixPS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 20 18:46:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Apr 2011 03:46:26 +0200 Subject: [SEC] [SA44249] DAlbum Cross-Site Request Forgery and Cross-Site Scripting Vulnerabilities Message-ID: <201104210146.p3L1kQc5032036@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: DAlbum Cross-Site Request Forgery and Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA44249 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44249/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44249 RELEASE DATE: 2011-04-21 DISCUSS ADVISORY: http://secunia.com/advisories/44249/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44249/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44249 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered two vulnerabilities in DAlbum, which can be exploited by malicious people to conduct cross-site request forgery and cross-site scripting attacks. 1) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the administrator's password by tricking a logged in administrator into visiting a malicious web site. 2) Input passed to the "url" parameter in editini.php (when "album" is set to a valid value) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 1.43 build 173. Other versions may also be affected. SOLUTION: Do not browse untrusted sites or follow untrusted links while being logged-in to the application. Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22941: http://www.htbridge.ch/advisory/csrf_cross_site_request_forgery_in_dalbum.html HTB22943: http://www.htbridge.ch/advisory/xss_in_dalbum.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 20 19:16:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Apr 2011 04:16:56 +0200 Subject: [SEC] [SA44298] Oracle PeopleSoft Enterprise PeopleTools Multiple Vulnerabilities Message-ID: <201104210216.p3L2GuqP021681@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle PeopleSoft Enterprise PeopleTools Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44298 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44298/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44298 RELEASE DATE: 2011-04-21 DISCUSS ADVISORY: http://secunia.com/advisories/44298/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44298/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44298 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Oracle PeopleSoft Enterprise PeopleTools, which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data. 1) An unspecified error in the File Processing component can be exploited to disclose certain information. 2) An unspecified error can be exploited to manipulate certain data. 2) A second unspecified error can be exploited to manipulate certain data. The vulnerabilities are reported in versions 8.49 GA through 8.49.30, 8.50 GA through 8.50.17, and 8.51 GA through 8.51.07. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixPS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 20 19:46:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Apr 2011 04:46:31 +0200 Subject: [SEC] [SA44220] Linux Kernel "bcm_release()" NULL Pointer Dereference Vulnerability Message-ID: <201104210246.p3L2kVVB010786@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Linux Kernel "bcm_release()" NULL Pointer Dereference Vulnerability SECUNIA ADVISORY ID: SA44220 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44220/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44220 RELEASE DATE: 2011-04-21 DISCUSS ADVISORY: http://secunia.com/advisories/44220/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44220/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44220 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to a NULL pointer dereference error within the "bcm_release()" function in net/can/bcm.c, which can be exploited to e.g. cause a kernel crash. SOLUTION: Fixed in the GIT repository. PROVIDED AND/OR DISCOVERED BY: Dave Jones ORIGINAL ADVISORY: http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=c6914a6f261aca0c9f715f883a353ae7ff51fe83 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 20 20:11:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Apr 2011 05:11:44 +0200 Subject: [SEC] [SA44212] SUSE "/etc/init.d/kbd" Security Issue Message-ID: <201104210311.p3L3BikI032098@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: SUSE "/etc/init.d/kbd" Security Issue SECUNIA ADVISORY ID: SA44212 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44212/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44212 RELEASE DATE: 2011-04-21 DISCUSS ADVISORY: http://secunia.com/advisories/44212/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44212/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44212 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has acknowledged a security issue in kbd, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the /etc/init.d/kbd script creating the /dev/shm/defkeymap.map file in an insecure manner, which can be exploited to e.g. overwrite arbitrary files via symlink attacks. SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: Novell Bug #663898: https://bugzilla.novell.com/show_bug.cgi?id=663898 openSUSE-SU-2011:0357-1: https://hermes.opensuse.org/messages/8136211 SUSE-SU-2011:0371-1: https://hermes.opensuse.org/messages/8138642 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 20 20:46:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Apr 2011 05:46:22 +0200 Subject: [SEC] [SA44214] Ubuntu language-selector Security Bypass Vulnerability Message-ID: <201104210346.p3L3kMWK021446@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Ubuntu language-selector Security Bypass Vulnerability SECUNIA ADVISORY ID: SA44214 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44214/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44214 RELEASE DATE: 2011-04-21 DISCUSS ADVISORY: http://secunia.com/advisories/44214/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44214/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44214 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has acknowledged a vulnerability in language-selector, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to insufficient access restrictions to certain D-Bus interfaces, which can be exploited to inject and execute arbitrary shell commands with root privileges. SOLUTION: Apply updated packages via Launchpad. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Romain Perier ORIGINAL ADVISORY: USN-1115-1: http://www.ubuntu.com/usn/usn-1115-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 20 21:11:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Apr 2011 06:11:58 +0200 Subject: [SEC] [SA44299] Oracle PeopleSoft Enterprise Applications Portal Two Vulnerabilities Message-ID: <201104210411.p3L4BwgA010388@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle PeopleSoft Enterprise Applications Portal Two Vulnerabilities SECUNIA ADVISORY ID: SA44299 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44299/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44299 RELEASE DATE: 2011-04-21 DISCUSS ADVISORY: http://secunia.com/advisories/44299/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44299/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44299 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Oracle PeopleSoft Enterprise Applications Portal, which can be exploited by malicious users and people to manipulate certain data. 1) An unspecified error in the Application Portal component can be exploited to manipulate certain data. This vulnerability is reported in version 8.8 Bundle #13. 2) A second unspecified error in the Application Portal component can be exploited by authenticated users to manipulate certain data. This vulnerability is reported in versions 8.8 Bundle #13, 8.9 Bundle #7, 9.0 Bundle #7, and 9.1 Bundle #4. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixPS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 20 21:47:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Apr 2011 06:47:22 +0200 Subject: [SEC] [SA44247] WordPress Universal Post Manager Plugin Cross-Site Scripting and SQL Injection Vulnerabilities Message-ID: <201104210447.p3L4lMLU032148@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: WordPress Universal Post Manager Plugin Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA44247 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44247/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44247 RELEASE DATE: 2011-04-21 DISCUSS ADVISORY: http://secunia.com/advisories/44247/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44247/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44247 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered multiple vulnerabilities in the Universal Post Manager plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed to the "num" parameter in wp-content/plugins/universal-post-manager/template/email_screen_1.php and wp-content/plugins/universal-post-manager/template/email_screen_2.php and the "number" parameter in /wp-content/plugins/universal-post-manager/template/bookmarks_slider_h.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation of this vulnerability requires that "register_globals" is enabled. 2) Input passed via the "qid" parameter to wp-content/plugins/universal-post-manager/includes/poll_logs.php and the "PID" parameter to wp-content/plugins/universal-post-manager/includes/poll_result.php (when "do" is set to "result") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 1.0.9. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22938: http://www.htbridge.ch/advisory/multiple_xss_in_universal_post_manager_wordpress_plugin.html HTB22939: http://www.htbridge.ch/advisory/multiple_sql_injection_in_universal_post_manager_wordpress_plugin.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 20 22:11:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Apr 2011 07:11:43 +0200 Subject: [SEC] [SA44296] Oracle PeopleSoft Enterprise Learning Management Unspecified Vulnerability Message-ID: <201104210511.p3L5BhFe021022@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle PeopleSoft Enterprise Learning Management Unspecified Vulnerability SECUNIA ADVISORY ID: SA44296 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44296/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44296 RELEASE DATE: 2011-04-21 DISCUSS ADVISORY: http://secunia.com/advisories/44296/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44296/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44296 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Oracle PeopleSoft Enterprise Learning Management, which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data. The vulnerability is caused due to an unspecified error. No further information is currently available. The vulnerability is reported in versions 9.0 Bundle #19 and 9.1 Bundle #5. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported this vulnerability as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixPS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 21 10:31:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Apr 2011 19:31:40 +0200 Subject: [SEC] [SA44275] WooThemes ExpressionEngine Themes Multiple Vulnerabilities Message-ID: <201104211731.p3LHVedS003949@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: WooThemes ExpressionEngine Themes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44275 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44275/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44275 RELEASE DATE: 2011-04-21 DISCUSS ADVISORY: http://secunia.com/advisories/44275/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44275/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44275 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two security issues and two vulnerabilities have been reported in WooThemes "Bueno", "City Guide", "Coffee Break", "Daily Edition", "Delegate", "Fresh News", "Headlines", "Inspire", "Optimize", "Over Easy", and "The Station" ExpressionEngine themes, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service). The security issues and vulnerabilities are caused due to a bundled, vulnerable version of TimThumb. For more information: SA44126 SOLUTION: Update to the latest version. PROVIDED AND/OR DISCOVERED BY: MustLive ORIGINAL ADVISORY: http://websecurity.com.ua/4985/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 21 11:32:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Apr 2011 20:32:23 +0200 Subject: [SEC] [SA44194] Atlassian Confluence Two Cross-Site Scripting Vulnerabilities Message-ID: <201104211832.p3LIWN8t026881@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Atlassian Confluence Two Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA44194 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44194/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44194 RELEASE DATE: 2011-04-21 DISCUSS ADVISORY: http://secunia.com/advisories/44194/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44194/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44194 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Atlassian Confluence, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed via the "{doc}" macro is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "{toc}" macro is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Vulnerability #1 is reported in version 2.7 and vulnerability #2 is reported in version 2.9. Other versions may also be affected. SOLUTION: Upgrade to version 3.4.9. PROVIDED AND/OR DISCOVERED BY: The vendor credits dave b. ORIGINAL ADVISORY: Atlassian Software Systems (CONF-21508, CONF-21819): http://jira.atlassian.com/browse/CONF-21508 http://jira.atlassian.com/browse/CONF-21819 http://confluence.atlassian.com/x/HgdrDQ http://confluence.atlassian.com/x/MgCzDQ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 21 12:31:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Apr 2011 21:31:38 +0200 Subject: [SEC] [SA44229] IBM DB2 Two Vulnerabilities Message-ID: <201104211931.p3LJVc4U017325@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: IBM DB2 Two Vulnerabilities SECUNIA ADVISORY ID: SA44229 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44229/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44229 RELEASE DATE: 2011-04-21 DISCUSS ADVISORY: http://secunia.com/advisories/44229/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44229/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44229 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in IBM DB2, which can be exploited by malicious users to bypass certain security restrictions. 1) An unspecified error in the Relational Data Services component can be exploited to update statistics for tables without the appropriate privileges. 2) An error in the Relational Data Services component may grant users privileges to execute non-DDL statements after role membership has been revoked from its group. The vulnerabilities are reported in version 9.7. Other versions may also be affected. SOLUTION: Update to version 9.5 Fix Pack 7 or 9.7 Fix Pack 4. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM: http://www.ibm.com/support/docview.wss?uid=swg1IC71413 http://www.ibm.com/support/docview.wss?uid=swg1IC71263 http://www.ibm.com/support/docview.wss?uid=swg1IC72119 http://www.ibm.com/support/docview.wss?uid=swg1IC71375 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 21 13:31:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Apr 2011 22:31:46 +0200 Subject: [SEC] [SA44316] Red Hat Update for JBoss Products Message-ID: <201104212031.p3LKVkQG007826@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Red Hat Update for JBoss Products SECUNIA ADVISORY ID: SA44316 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44316/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44316 RELEASE DATE: 2011-04-21 DISCUSS ADVISORY: http://secunia.com/advisories/44316/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44316/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44316 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for JBoss Enterprise SOA Platform and JBoss Enterprise Application Platform. This fixes a weakness, which can be exploited by malicious people to compromise a vulnerable system. The weakness is caused due to JBoss Seam 2 not properly restricting access to JBoss Expression Language constructs when handling page exceptions, which can be exploited to execute arbitrary code via specially crafted URLs. NOTE: Successful exploitation specifically requires that the Java Security Manager is improperly configured. SOLUTION: Install patches or apply updated packages via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Martin Kouba, IT SYSTEMS. ORIGINAL ADVISORY: RHSA-2011:0460-1: https://rhn.redhat.com/errata/RHSA-2011-0460.html RHSA-2011:0461-1: https://rhn.redhat.com/errata/RHSA-2011-0461.html RHSA-2011:0462-1: https://rhn.redhat.com/errata/RHSA-2011-0462.html RHSA-2011:0463-1: https://rhn.redhat.com/errata/RHSA-2011-0463.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 21 14:25:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Apr 2011 23:25:54 +0200 Subject: [SEC] [SA44216] HP Insight Control Performance Management Two Vulnerabilities Message-ID: <201104212125.p3LLPsdZ030431@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: HP Insight Control Performance Management Two Vulnerabilities SECUNIA ADVISORY ID: SA44216 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44216/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44216 RELEASE DATE: 2011-04-21 DISCUSS ADVISORY: http://secunia.com/advisories/44216/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44216/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44216 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in HP Insight Control Performance Management, which can be exploited by malicious users to potentially compromise a vulnerable system and by malicious people to conduct cross-site request forgery attacks. 1) An unspecified error can be exploited by authenticated users to potentially compromise the system. 2) The application allows users to perform certain sensitive actions via HTTP requests without performing any validity checks to verify the requests. SOLUTION: Update to version 6.3. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02664 SSRT100417: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02748970 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 21 14:46:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Apr 2011 23:46:51 +0200 Subject: [SEC] [SA44211] Pragyan CMS Cross-Site Request Forgery Vulnerability Message-ID: <201104212146.p3LLkpxi019156@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Pragyan CMS Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA44211 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44211/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44211 RELEASE DATE: 2011-04-21 DISCUSS ADVISORY: http://secunia.com/advisories/44211/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44211/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44211 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Pragyan CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without making proper validity checks to verify the requests. This can be exploited to e.g. change a user's permissions by tricking an administrator into visiting a malicious web site while being logged-in to the application. The vulnerability is confirmed in version 2.6.4. Other versions may also be affected. SOLUTION: Do not browse untrusted web sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: Originally reported in version 3.0 beta by High-Tech Bridge SA. ORIGINAL ADVISORY: High-Tech Bridge (HTB22855): http://www.htbridge.ch/advisory/xsrf_csrf_in_pragyan_cms.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 21 15:11:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Apr 2011 00:11:56 +0200 Subject: [SEC] [SA44227] HP Virtual Server Environment Unspecified Vulnerablity Message-ID: <201104212211.p3LMBuru008082@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: HP Virtual Server Environment Unspecified Vulnerablity SECUNIA ADVISORY ID: SA44227 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44227/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44227 RELEASE DATE: 2011-04-21 DISCUSS ADVISORY: http://secunia.com/advisories/44227/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44227/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44227 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP Virtual Server Environment, which can be exploited by malicious users to potentially compromise a vulnerable system. The vulnerability is caused due to an unspecified error. No more information is currently available. SOLUTION: Update to version 6.3. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02665 SSRT100185: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02749050 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 21 15:46:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Apr 2011 00:46:29 +0200 Subject: [SEC] [SA44204] Atlassian Confluence Two Cross-Site Scripting Vulnerabilities Message-ID: <201104212246.p3LMkTQT029820@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Atlassian Confluence Two Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA44204 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44204/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44204 RELEASE DATE: 2011-04-22 DISCUSS ADVISORY: http://secunia.com/advisories/44204/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44204/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44204 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Atlassian Confluence, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed via the "{doc}" macro is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "{toc}" macro is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Vulnerability #1 is reported in versions prior to 3.4.6 and vulnerability #2 is reported in versions prior to 3.4.9. SOLUTION: Update to version 3.4.9. PROVIDED AND/OR DISCOVERED BY: The vendor credits dave b. ORIGINAL ADVISORY: Atlassian Software Systems (CONF-21508, CONF-21819): http://jira.atlassian.com/browse/CONF-21508 http://jira.atlassian.com/browse/CONF-21819 http://confluence.atlassian.com/x/HgdrDQ http://confluence.atlassian.com/x/MgCzDQ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 21 16:12:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Apr 2011 01:12:01 +0200 Subject: [SEC] [SA44231] HP System Management Homepage Multiple Vulnerabilities Message-ID: <201104212312.p3LNC1WG018756@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: HP System Management Homepage Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44231 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44231/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44231 RELEASE DATE: 2011-04-22 DISCUSS ADVISORY: http://secunia.com/advisories/44231/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44231/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44231 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in HP System Management Homepage, which can be exploited by malicious users to compromise a vulnerable system and malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system. 1) The application bundles vulnerable versions of PHP, OpenSSL, and libxml. For more information: SA40268 SA40906 SA39573 SA41724 SA42175 2) An unspecified error can be exploited by authenticated users to execute arbitrary code. No more information is currently available. 3) An unspecified error can be exploited to gain unauthorised access. No more information is currently available. SOLUTION: Update to version 6.3 or later. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 2, 3) Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02662 SSRT100409: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02735910 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 21 16:46:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Apr 2011 01:46:37 +0200 Subject: [SEC] [SA44313] SocialCMS Cross-Site Request Forgery Vulnerability Message-ID: <201104212346.p3LNkblc008107@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: SocialCMS Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA44313 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44313/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44313 RELEASE DATE: 2011-04-22 DISCUSS ADVISORY: http://secunia.com/advisories/44313/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44313/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44313 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in SocialCMS, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. create an administrative user by tricking an administrator into visiting a malicious web site while being logged-in to the application. The vulnerability is confirmed in version 1.0.2. Other versions may also be affected. SOLUTION: Do not browse untrusted sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: vir0e5 ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/17193/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 21 17:14:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Apr 2011 02:14:34 +0200 Subject: [SEC] [SA44251] HP Systems Insight Manager Multiple Vulnerabilities Message-ID: <201104220014.p3M0EYuW029545@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: HP Systems Insight Manager Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44251 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44251/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44251 RELEASE DATE: 2011-04-22 DISCUSS ADVISORY: http://secunia.com/advisories/44251/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44251/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44251 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in HP Systems Insight Manager, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks, disclose sensitive information, bypass certain security restrictions, or compromise a user's system. 1) The application bundles a vulnerable version of Flash Player. For more information: SA41917 2) Unspecified input is not properly sanitised before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) The application allows users to perform certain sensitive actions via HTTP requests without performing any validity checks to verify the requests. SOLUTION: Update to version 6.3. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 2, 3) Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02663 SSRT100428: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02738731 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 21 17:46:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Apr 2011 02:46:44 +0200 Subject: [SEC] [SA44234] HP Proliant Support Pack Three Vulnerabilities Message-ID: <201104220046.p3M0kiko018785@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: HP Proliant Support Pack Three Vulnerabilities SECUNIA ADVISORY ID: SA44234 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44234/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44234 RELEASE DATE: 2011-04-22 DISCUSS ADVISORY: http://secunia.com/advisories/44234/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44234/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44234 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Three vulnerabilities have been reported in HP Proliant Support Pack, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct spoofing attacks or gain knowledge of sensitive information. 1) Unspecified input is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website via a specially crafted link. 2) Unspecified input is not properly sanitised before being stored. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of the affected site. 3) An unspecified error can be exploited to disclose sensitive information. SOLUTION: Update to version 8.7. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits ProCheckUp. 2, 3) Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02661 SSRT100408: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02735590 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 21 18:11:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Apr 2011 03:11:35 +0200 Subject: [SEC] [SA44311] Automagick Tube Script "module" Cross-Site Scripting Vulnerability Message-ID: <201104220111.p3M1BZku007688@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Automagick Tube Script "module" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA44311 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44311/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44311 RELEASE DATE: 2011-04-22 DISCUSS ADVISORY: http://secunia.com/advisories/44311/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44311/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44311 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Automagick Tube Script, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "module" parameter to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in version 1.4.4. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: kurdish hackers team ORIGINAL ADVISORY: http://packetstormsecurity.org/files/view/100624/automagick-xss.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 21 18:46:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Apr 2011 03:46:22 +0200 Subject: [SEC] [SA44265] Debian update for openjdk-6 Message-ID: <201104220146.p3M1kMeu029433@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Debian update for openjdk-6 SECUNIA ADVISORY ID: SA44265 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44265/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44265 RELEASE DATE: 2011-04-22 DISCUSS ADVISORY: http://secunia.com/advisories/44265/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44265/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44265 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for openjdk-6. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. For more information: SA43002 SA43135 SA43262 SA43555 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2224-1: http://lists.debian.org/debian-security-announce/2011/msg00093.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 21 19:18:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Apr 2011 04:18:08 +0200 Subject: [SEC] [SA44258] HP Performance Insight Unspecified Sensitive Information Disclosure Message-ID: <201104220218.p3M2I8dA019134@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: HP Performance Insight Unspecified Sensitive Information Disclosure SECUNIA ADVISORY ID: SA44258 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44258/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44258 RELEASE DATE: 2011-04-22 DISCUSS ADVISORY: http://secunia.com/advisories/44258/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44258/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44258 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP Performance Insight, which can be exploited by malicious people to gain knowledge of sensitive information. The vulnerability is caused due to an unspecified error granting unauthorised access to certain sensitive information. The vulnerability is reported in versions 5.0, 5.1x. 5.2x, 5.3x, 5.4, 5.41, and 5.41.002 running on HP-UX, Linux, Solaris, and Windows. SOLUTION: Update to version 5.41.002 and apply HF04 / QCCR1B88272 hotfix. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02660 SSRT100433: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02790298 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 21 19:46:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Apr 2011 04:46:18 +0200 Subject: [SEC] [SA44209] docuFORM Mercury Two Cross-Site Scripting Vulnerabilities Message-ID: <201104220246.p3M2kILp008195@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: docuFORM Mercury Two Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA44209 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44209/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44209 RELEASE DATE: 2011-04-22 DISCUSS ADVISORY: http://secunia.com/advisories/44209/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44209/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44209 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gjoko Krstic has discovered two vulnerabilities in docuFORM Mercury, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "aa_sfunc" and "this_url" parameters to f_state.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in versions 6.16a and 5.20 and confirmed in version 6.16b. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Gjoko Krstic ORIGINAL ADVISORY: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5010.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 21 20:11:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Apr 2011 05:11:29 +0200 Subject: [SEC] [SA44320] Fedora update for kdenetwork Message-ID: <201104220311.p3M3BTLB029495@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Fedora update for kdenetwork SECUNIA ADVISORY ID: SA44320 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44320/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44320 RELEASE DATE: 2011-04-22 DISCUSS ADVISORY: http://secunia.com/advisories/44320/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44320/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44320 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for kdenetwork. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA39528 SOLUTION: Apply updated packages using the yum utility ("yum update kdenetwork"). ORIGINAL ADVISORY: FEDORA-2011-5211: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058580.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 21 20:46:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Apr 2011 05:46:29 +0200 Subject: [SEC] [SA44307] FreeBSD update for mountd Message-ID: <201104220346.p3M3kTpS018868@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: FreeBSD update for mountd SECUNIA ADVISORY ID: SA44307 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44307/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44307 RELEASE DATE: 2011-04-22 DISCUSS ADVISORY: http://secunia.com/advisories/44307/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44307/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44307 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: FreeBSD has issued an update for mountd. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to an error within the handling of "-network" definitions using the CIDR notion with a certain prefix length when parsing the exports table, which can result in an incorrect network mask being used to enforce ACL restrictions. Successful exploitation requires that a prefix length that is not a multiple of 8 is used. SOLUTION: Update FreeBSD or apply patch. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Ruslan Ermilov. ORIGINAL ADVISORY: FreeBSD-SA-11:01.mountd: http://security.freebsd.org/advisories/FreeBSD-SA-11:01.mountd.asc OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 21 21:11:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Apr 2011 06:11:29 +0200 Subject: [SEC] [SA44098] Ubuntu update for openslp and openslp-dfsg Message-ID: <201104220411.p3M4BTXV007778@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Ubuntu update for openslp and openslp-dfsg SECUNIA ADVISORY ID: SA44098 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44098/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44098 RELEASE DATE: 2011-04-22 DISCUSS ADVISORY: http://secunia.com/advisories/44098/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44098/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44098 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for openslp and openslp-dfsg. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43742 SOLUTION: Apply updated packages via Launchpad. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1118-1: http://www.ubuntu.com/usn/usn-1118-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 21 21:46:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Apr 2011 06:46:20 +0200 Subject: [SEC] [SA44218] CA SiteMinder Web Agents User Impersonation Vulnerability Message-ID: <201104220446.p3M4kK8Y029534@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: CA SiteMinder Web Agents User Impersonation Vulnerability SECUNIA ADVISORY ID: SA44218 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44218/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44218 RELEASE DATE: 2011-04-22 DISCUSS ADVISORY: http://secunia.com/advisories/44218/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44218/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44218 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in CA SiteMinder, which can be exploited by malicious users to impersonate other users. The vulnerability is caused due to an error when handling multi-line headers and can be exploited by sending specially crafted data. The vulnerability is reported in the following versions: * CA SiteMinder R6 Web Agents prior to R6 SP6 CR2 * CA SiteMinder R12 Web Agents prior to R12 SP3 CR2 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits April King. ORIGINAL ADVISORY: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={1BF29B14-C5FB-4BD3-9113-68E2426E4381} OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 21 22:11:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Apr 2011 07:11:28 +0200 Subject: [SEC] [SA44268] Debian update for doctrine Message-ID: <201104220511.p3M5BSr8018444@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Debian update for doctrine SECUNIA ADVISORY ID: SA44268 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44268/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44268 RELEASE DATE: 2011-04-22 DISCUSS ADVISORY: http://secunia.com/advisories/44268/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44268/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44268 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for doctrine. This fixes a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks. For more information: SA43932 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2223-1: http://lists.debian.org/debian-security-announce/2011/msg00092.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 22 10:32:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Apr 2011 19:32:11 +0200 Subject: [SEC] [SA44324] Fedora update for ikiwiki Message-ID: <201104221732.p3MHWBg5007150@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Fedora update for ikiwiki SECUNIA ADVISORY ID: SA44324 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44324/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44324 RELEASE DATE: 2011-04-22 DISCUSS ADVISORY: http://secunia.com/advisories/44324/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44324/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44324 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for ikiwiki. This fixes a vulnerability, which can be exploited by malicious users to conduct script insertion attacks. For more information: SA44137 SOLUTION: Apply updated packages via the yum utility ("yum update ikiwiki"). ORIGINAL ADVISORY: FEDORA-2011-5173: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058653.html FEDORA-2011-5180: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058700.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 22 11:32:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Apr 2011 20:32:12 +0200 Subject: [SEC] [SA44264] Dolibarr ERP/CRM Cross-Site Scripting and File Disclosure Vulnerabilities Message-ID: <201104221832.p3MIWCkW030021@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Dolibarr ERP/CRM Cross-Site Scripting and File Disclosure Vulnerabilities SECUNIA ADVISORY ID: SA44264 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44264/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44264 RELEASE DATE: 2011-04-22 DISCUSS ADVISORY: http://secunia.com/advisories/44264/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44264/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44264 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered two vulnerabilities in Dolibarr ERP/CRM, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information. 1) Input passed to the "theme" parameter in htdocs/user/passwordforgotten.php is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks. 2) Input passed to the "lang" parameter in htdocs/document.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 3.0.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. PROVIDED AND/OR DISCOVERED BY: John Leitch, AutoSec Tools ORIGINAL ADVISORY: http://www.autosectools.com/Advisories/Dolibarr.3.0.0_Reflected.Cross-site.Scripting_180.html http://www.autosectools.com/Advisories/Dolibarr.3.0.0_Local.File.Inclusion_181.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 22 12:31:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Apr 2011 21:31:32 +0200 Subject: [SEC] [SA44285] web2Project "token" SQL Injection Vulnerability Message-ID: <201104221931.p3MJVW8U020470@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: web2Project "token" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA44285 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44285/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44285 RELEASE DATE: 2011-04-22 DISCUSS ADVISORY: http://secunia.com/advisories/44285/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44285/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44285 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered a vulnerability in web2Project, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "token" parameter to calendar.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 2.3. Prior versions may also be affected. SOLUTION: Update to version 2.3.1. PROVIDED AND/OR DISCOVERED BY: John Leitch, AutoSec Tools. ORIGINAL ADVISORY: http://www.autosectools.com/Advisories/Web2Project.2.3_SQL.Injection_183.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 22 13:32:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Apr 2011 22:32:02 +0200 Subject: [SEC] [SA44315] Pulse CMS Sensitive Information Disclosure Weakness Message-ID: <201104222032.p3MKW2XP010974@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Pulse CMS Sensitive Information Disclosure Weakness SECUNIA ADVISORY ID: SA44315 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44315/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44315 RELEASE DATE: 2011-04-22 DISCUSS ADVISORY: http://secunia.com/advisories/44315/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44315/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44315 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been discovered in Pulse CMS, which can be exploited by malicious people to disclose sensitive information. The application stores backups with predictable file names inside the data/backups directory, which can be exploited to disclose sensitive information by downloading a file. The weakness is confirmed in version 1.3. Other versions may also be affected. SOLUTION: Limit access to the "data/backups" directory (e.g. via .htaccess). PROVIDED AND/OR DISCOVERED BY: KedAns-Dz OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 22 14:26:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Apr 2011 23:26:42 +0200 Subject: [SEC] [SA44323] zenphoto Cross-Site Scripting and Script Insertion Vulnerabilities Message-ID: <201104222126.p3MLQghr001163@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: zenphoto Cross-Site Scripting and Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA44323 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44323/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44323 RELEASE DATE: 2011-04-22 DISCUSS ADVISORY: http://secunia.com/advisories/44323/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44323/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44323 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Three vulnerabilities have been discovered in ZenPhoto, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks. 1) Input passed via the "_zp_themeroot" parameter to themes/zenpage/slideshow.php and themes/stopdesign/comment_form.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation of this vulnerability requires that "register_globals" is enabled. 2) Input passed via the "X-Forwarded-For" HTTP header to e.g. zp-core/admin.php is not properly sanitised in zp-core/functions.php before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerabilities are confirmed in version 1.4.0.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: 1) High-Tech Bridge SA 2) Saif El-Sherei ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/multiple_xss_in_zenphoto.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 22 14:46:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Apr 2011 23:46:53 +0200 Subject: [SEC] [SA44327] SUSE update for postfix Message-ID: <201104222146.p3MLkrmO022317@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: SUSE update for postfix SECUNIA ADVISORY ID: SA44327 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44327/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44327 RELEASE DATE: 2011-04-22 DISCUSS ADVISORY: http://secunia.com/advisories/44327/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44327/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44327 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for postfix. This fixes a vulnerability, which can be exploited by malicious people to manipulate certain data. For more information: SA43646 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0389-1: http://lists.opensuse.org/opensuse-updates/2011-04/msg00068.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 22 15:11:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Apr 2011 00:11:45 +0200 Subject: [SEC] [SA44330] Red Hat update for kdelibs Message-ID: <201104222211.p3MMBjcd011228@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Red Hat update for kdelibs SECUNIA ADVISORY ID: SA44330 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44330/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44330 RELEASE DATE: 2011-04-22 DISCUSS ADVISORY: http://secunia.com/advisories/44330/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44330/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44330 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for kdelibs. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA44065 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0464-1: https://rhn.redhat.com/errata/RHSA-2011-0464.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 22 15:47:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Apr 2011 00:47:18 +0200 Subject: [SEC] [SA44329] Red Hat update for kdenetwork Message-ID: <201104222247.p3MMlIAc000547@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Red Hat update for kdenetwork SECUNIA ADVISORY ID: SA44329 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44329/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44329 RELEASE DATE: 2011-04-23 DISCUSS ADVISORY: http://secunia.com/advisories/44329/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44329/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44329 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for kdenetwork. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA44124 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0465-1: https://rhn.redhat.com/errata/RHSA-2011-0465.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 22 16:12:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Apr 2011 01:12:08 +0200 Subject: [SEC] [SA44226] Ubuntu update for tiff Message-ID: <201104222312.p3MNC87Q021918@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Ubuntu update for tiff SECUNIA ADVISORY ID: SA44226 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44226/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44226 RELEASE DATE: 2011-04-23 DISCUSS ADVISORY: http://secunia.com/advisories/44226/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44226/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44226 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for tiff. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library. For more information: SA43593 SOLUTION: Apply updated packages via Launchpad. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1120-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-April/001314.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 22 16:46:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Apr 2011 01:46:48 +0200 Subject: [SEC] [SA44245] nfs-utils "mount.nfs" RLIMIT_FSIZE Security Issue Message-ID: <201104222346.p3MNkmDo011277@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: nfs-utils "mount.nfs" RLIMIT_FSIZE Security Issue SECUNIA ADVISORY ID: SA44245 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44245/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44245 RELEASE DATE: 2011-04-23 DISCUSS ADVISORY: http://secunia.com/advisories/44245/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44245/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44245 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in nfs-utils, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The security is caused due to the "mount.nfs" utility not properly taking resource limits into account when e.g. adding new file system descriptions to "/etc/mtab", which can be exploited to e.g. corrupt the "/etc/mtab" file by setting a low RLIMIT_FSIZE limit. The security issue is reported in version 1.2.3. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Red Hat ORIGINAL ADVISORY: Red Hat Bug #697975: https://bugzilla.redhat.com/show_bug.cgi?id=697975 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 22 17:14:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Apr 2011 02:14:59 +0200 Subject: [SEC] [SA44197] Asterisk Security Bypass and Denial of Service Vulnerabilities Message-ID: <201104230014.p3N0Exu3032715@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Asterisk Security Bypass and Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA44197 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44197/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44197 RELEASE DATE: 2011-04-23 DISCUSS ADVISORY: http://secunia.com/advisories/44197/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44197/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44197 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). 1) The application does not properly limit the number of simultaneous TCP connections to e.g. the Asterisk Manager Interface, Skinny, SIP over TCP, or the built in HTTP server, which can be exploited to exhaust all available file descriptors and stop Asterisk from processing new calls. 2) An error within the Asterisk Manager Interface when handling "Originate" actions can be exploited to bypass a certain security check and execute arbitrary shell commands by sending an "Originate" action with both the "Async" and "Application" headers. Successful exploitation requires that the attacker is an authenticated manager user. The vulnerabilities are reported in Asterisk Open Source prior to versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 and Asterisk Business Edition prior to version C.3.6.4 SOLUTION: Update to a fixed version or apply patches. Set limits for unauthenticated connections. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Tzafrir Cohen 2) Mark Murawski ORIGINAL ADVISORY: http://downloads.asterisk.org/pub/security/AST-2011-005.html http://downloads.asterisk.org/pub/security/AST-2011-006.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 22 17:46:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Apr 2011 02:46:26 +0200 Subject: [SEC] [SA44276] Todoyu "lang" Cross-Site Scripting Vulnerability Message-ID: <201104230046.p3N0kQrW021928@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Todoyu "lang" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA44276 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44276/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44276 RELEASE DATE: 2011-04-23 DISCUSS ADVISORY: http://secunia.com/advisories/44276/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44276/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44276 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered a vulnerability in Todoyu, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "lang" parameter to lib/js/jscalendar/php/test.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 2.0.8. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: John Leitch, AutoSec Tools. ORIGINAL ADVISORY: http://www.autosectools.com/Advisories/Todoyu.2.0.8_Reflected.Cross-site.Scripting_182.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 22 18:11:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Apr 2011 03:11:27 +0200 Subject: [SEC] [SA44248] Linux Kernel Denial of Service and Privilege Escalation Vulnerabilities Message-ID: <201104230111.p3N1BRPY010839@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Linux Kernel Denial of Service and Privilege Escalation Vulnerabilities SECUNIA ADVISORY ID: SA44248 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44248/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44248 RELEASE DATE: 2011-04-23 DISCUSS ADVISORY: http://secunia.com/advisories/44248/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44248/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44248 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges. 1) Integer overflow errors within the "agp_generic_insert_memory()" and "agp_generic_remove_memory()" function in drivers/char/agp/generic.c can be exploited to cause a buffer overflow via e.g. specially crafted AGPIOC_BIND and AGPIOC_UNBIND IOCTLs. 2) The implementation of the AGPIOC_RESERVE and AGPIOC_ALLOCATE IOCTLs does not properly handle and track memory allocations, which can be exploited to cause an OOM (Out Of Memory) situation. Successful exploitation requires access to the "/dev/agpgart" device (usually group "video"). SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Vasiliy Kulikov ORIGINAL ADVISORY: https://lkml.org/lkml/2011/4/14/293 https://lkml.org/lkml/2011/4/14/294 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 22 18:46:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Apr 2011 03:46:55 +0200 Subject: [SEC] [SA44250] Slackware update for rdesktop Message-ID: <201104230146.p3N1ktsO032622@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Slackware update for rdesktop SECUNIA ADVISORY ID: SA44250 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44250/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44250 RELEASE DATE: 2011-04-23 DISCUSS ADVISORY: http://secunia.com/advisories/44250/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44250/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44250 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Slackware has issued an update for rdesktop. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA44200 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SSA:2011-110-01: http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.485376 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 22 19:17:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Apr 2011 04:17:35 +0200 Subject: [SEC] [SA44213] Avaya Communication Server 1000 Denial of Service Vulnerability Message-ID: <201104230217.p3N2HZLX022232@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Avaya Communication Server 1000 Denial of Service Vulnerability SECUNIA ADVISORY ID: SA44213 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44213/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44213 RELEASE DATE: 2011-04-23 DISCUSS ADVISORY: http://secunia.com/advisories/44213/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44213/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44213 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Avaya Communication Server 1000, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an integer underflow error when handling a certain size value in incoming requests and can be exploited to crash the device via a specially crafted request sent to UDP port 5100. The vulnerability is reported in version 5.5. Other versions may also be affected. SOLUTION: Upgrade to version 6.0 or later. PROVIDED AND/OR DISCOVERED BY: An anonymous person via ZDI. ORIGINAL ADVISORY: Avaya: https://support.avaya.com/css/P8/documents/100133768 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-141/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 22 19:46:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Apr 2011 04:46:51 +0200 Subject: [SEC] [SA43681] CA Output Management Web Viewer ActiveX Control Vulnerabilities Message-ID: <201104230246.p3N2kpDl011346@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: CA Output Management Web Viewer ActiveX Control Vulnerabilities SECUNIA ADVISORY ID: SA43681 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43681/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43681 RELEASE DATE: 2011-04-23 DISCUSS ADVISORY: http://secunia.com/advisories/43681/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43681/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43681 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered two vulnerabilities in CA Output Management Web Viewer, which can be exploited by malicious people to compromise a user's system. 1) A boundary error in the UOMWV_Helper ActiveX control (UOMWV_HelperActiveX.ocx) when creating an email message can be exploited to cause a stack-based buffer overflow via an overly long string assigned to the "Title" property. 2) A boundary error in the PPSViewer ActiveX control (PPSView.ocx) when creating a debug message string can be exploited to cause a stack-based buffer overflow via an overly long string passed in the "SRC" object parameter. Successful exploitation of the vulnerabilities allows execution of arbitrary code. The vulnerabilities are confirmed in version r11.0 SP1 and reported in version r11.5: * UOMWV_HelperActiveX.ocx version 2.0.0.6. * PPSView.ocx version 1.0.0.6. SOLUTION: Apply APARs. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Dmitriy Pletnev, Secunia Research. ORIGINAL ADVISORY: CA: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={DED5B724-B500-46DA-A855-B2AF457B5364} Secunia Research: http://secunia.com/secunia_research/2011-34/ http://secunia.com/secunia_research/2011-35/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 22 20:11:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Apr 2011 05:11:30 +0200 Subject: [SEC] [SA44267] Ubuntu update for linux-ti-omap4 Message-ID: <201104230311.p3N3BU7a032636@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-ti-omap4 SECUNIA ADVISORY ID: SA44267 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44267/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44267 RELEASE DATE: 2011-04-23 DISCUSS ADVISORY: http://secunia.com/advisories/44267/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44267/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44267 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-ti-omap4. This fixes some weaknesses, security issues, and vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, disclose system and potentially sensitive information, cause a DoS (Denial of Service), and gain escalated privileges, and by malicious people to cause a DoS. For more information: SA41234 SA41245 SA41263 SA41440 SA41462 SA41493 SA41693 SA42061 SA42094 SA42172 SA42187 SA42354 SA42570 SA42684 SA42765 SOLUTION: Apply updated packages via Launchpad. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1119-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-April/001313.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 22 20:47:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Apr 2011 05:47:06 +0200 Subject: [SEC] [SA44274] Debian update for tinyproxy Message-ID: <201104230347.p3N3l6Wr022031@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Debian update for tinyproxy SECUNIA ADVISORY ID: SA44274 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44274/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44274 RELEASE DATE: 2011-04-23 DISCUSS ADVISORY: http://secunia.com/advisories/44274/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44274/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44274 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for tinyproxy. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA43948 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2222-1: http://lists.debian.org/debian-security-announce/2011/msg00091.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 22 21:11:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Apr 2011 06:11:59 +0200 Subject: [SEC] [SA44252] Oracle Solaris gedit Filename Format String Vulnerability Message-ID: <201104230411.p3N4Bxj1010941@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle Solaris gedit Filename Format String Vulnerability SECUNIA ADVISORY ID: SA44252 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44252/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44252 RELEASE DATE: 2011-04-23 DISCUSS ADVISORY: http://secunia.com/advisories/44252/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44252/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44252 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged a vulnerability in Solaris, which potentially can be exploited by malicious people to compromise a user's system. For more information: SA15454 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://blogs.sun.com/security/entry/cve_2005_1686_format_string OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 22 21:47:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Apr 2011 06:47:02 +0200 Subject: [SEC] [SA44256] WordPress SocialGrid Plugin "default_services" Cross-Site Scripting Vulnerability Message-ID: <201104230447.p3N4l2Ae032685@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: WordPress SocialGrid Plugin "default_services" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA44256 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44256/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44256 RELEASE DATE: 2011-04-23 DISCUSS ADVISORY: http://secunia.com/advisories/44256/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44256/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44256 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in the SocialGrid plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "default_services" parameter in wp-content/plugins/socialgrid/static/js/inline-admin.js.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation requires that "register_globals" is enabled. The vulnerability is confirmed in version 2.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22940: http://www.htbridge.ch/advisory/xss_in_socialgrid_wordpress_plugin.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 22 22:11:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Apr 2011 07:11:55 +0200 Subject: [SEC] [SA44284] Oracle Solaris Kerberos Multiple Vulnerabilities Message-ID: <201104230511.p3N5BtBC021604@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle Solaris Kerberos Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44284 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44284/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44284 RELEASE DATE: 2011-04-23 DISCUSS ADVISORY: http://secunia.com/advisories/44284/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44284/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44284 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged some vulnerabilities in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) or conduct spoofing attacks. For more information: SA42396 SA43260 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: Oracle: http://blogs.sun.com/security/entry/cve_2011_0281_cve_2011 http://blogs.sun.com/security/entry/cve_2010_1323_vulnerability_in OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 23 10:31:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Apr 2011 19:31:59 +0200 Subject: [SEC] [SA44278] Oracle PeopleSoft Enterprise CRM Order Capture Unspecified Vulnerability Message-ID: <201104231731.p3NHVxEU010275@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle PeopleSoft Enterprise CRM Order Capture Unspecified Vulnerability SECUNIA ADVISORY ID: SA44278 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44278/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44278 RELEASE DATE: 2011-04-23 DISCUSS ADVISORY: http://secunia.com/advisories/44278/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44278/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44278 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Oracle PeopleSoft Enterprise CRM, which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data. The vulnerability is caused due to an unspecified error in the Order Capture component. No further information is currently available. The vulnerability is reported in version 8.9 Bundle #41. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported this vulnerability as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixPS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 23 11:31:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Apr 2011 20:31:55 +0200 Subject: [SEC] [SA44290] Oracle Open Office Two Vulnerabilities Message-ID: <201104231831.p3NIVtfu000687@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle Open Office Two Vulnerabilities SECUNIA ADVISORY ID: SA44290 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44290/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44290 RELEASE DATE: 2011-04-23 DISCUSS ADVISORY: http://secunia.com/advisories/44290/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44290/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44290 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged two vulnerabilities in Oracle Open Office, which can be exploited by malicious people to potentially compromise a user's system. For more information see vulnerabilities #1 and #2: SA41596 SOLUTION: Apply patches (please see the vendor's advisory for details). ORIGINAL ADVISORY: http://blogs.sun.com/security/entry/cve_2010_3702_cve_2010 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 23 12:31:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Apr 2011 21:31:40 +0200 Subject: [SEC] [SA44270] Fedora update for kdelibs Message-ID: <201104231931.p3NJVeLV023614@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Fedora update for kdelibs SECUNIA ADVISORY ID: SA44270 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44270/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44270 RELEASE DATE: 2011-04-23 DISCUSS ADVISORY: http://secunia.com/advisories/44270/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44270/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44270 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for kdelibs. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA44065 SOLUTION: Apply updated packages using the yum utility ("yum update kdelibs"). ORIGINAL ADVISORY: FEDORA-2011-5183: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058486.html FEDORA-2011-5200: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058667.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 23 13:31:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Apr 2011 22:31:51 +0200 Subject: [SEC] [SA44157] Ubuntu update for policykit-1 Message-ID: <201104232031.p3NKVpCb014122@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Ubuntu update for policykit-1 SECUNIA ADVISORY ID: SA44157 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44157/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44157 RELEASE DATE: 2011-04-23 DISCUSS ADVISORY: http://secunia.com/advisories/44157/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44157/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44157 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for policykit-1. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA44266 SOLUTION: Apply updated packages via Launchpad. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1117-1: http://www.ubuntu.com/usn/usn-1117-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 23 14:25:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Apr 2011 23:25:45 +0200 Subject: [SEC] [SA44188] Ubuntu update for krb5 Message-ID: <201104232125.p3NLPjnL004314@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Ubuntu update for krb5 SECUNIA ADVISORY ID: SA44188 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44188/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44188 RELEASE DATE: 2011-04-23 DISCUSS ADVISORY: http://secunia.com/advisories/44188/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44188/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44188 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for krb5. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA44125 SOLUTION: Apply updated packages via Launchpad. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1116-1: http://www.ubuntu.com/usn/usn-1116-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 23 14:46:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Apr 2011 23:46:46 +0200 Subject: [SEC] [SA44192] Debian update for libmojolicious-perl Message-ID: <201104232146.p3NLkkVT025453@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Debian update for libmojolicious-perl SECUNIA ADVISORY ID: SA44192 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44192/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44192 RELEASE DATE: 2011-04-23 DISCUSS ADVISORY: http://secunia.com/advisories/44192/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44192/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44192 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for libmojolicious-perl. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information. For more information: SA44051 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2221-1: http://www.debian.org/security/2011/dsa-2221 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 23 15:11:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 24 Apr 2011 00:11:41 +0200 Subject: [SEC] [SA44286] Oracle Solaris OpenSSL Ciphersuite Downgrade Vulnerability Message-ID: <201104232211.p3NMBfXA014380@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle Solaris OpenSSL Ciphersuite Downgrade Vulnerability SECUNIA ADVISORY ID: SA44286 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44286/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44286 RELEASE DATE: 2011-04-23 DISCUSS ADVISORY: http://secunia.com/advisories/44286/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44286/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44286 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged a vulnerability in Solaris, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA42473 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://blogs.sun.com/security/entry/cve_2008_7270_vulnerability_in OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 23 15:47:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 24 Apr 2011 00:47:18 +0200 Subject: [SEC] [SA44255] webSPELL Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201104232247.p3NMlIjk003738@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: webSPELL Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA44255 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44255/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44255 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44255/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44255/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44255 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in webSPELL, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed to the "pass" parameter in index.php (when "site" is set to "newsletter") is not properly sanitised before being processed in newsletter.php and returned to the user in templates/newsletter.html. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "touser" parameter in index.php (when "site" is set to "messenger" and "action" is set to "touser") is not properly sanitised before being processed in newsletter.php and returned to the user in templates/pm_new_touser.html. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed to the "page" parameter in admin/admincenter.php (when "site" is set to "users" and "action" is set to "addtoclan") is not properly sanitised before being processed and returned to the user in admin/users.php. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 4) Input passed to the "squadID" parameter in admin/admincenter.php (when "site" is set to "squads" and "action" is set to "edit") is not properly sanitised before being processed and returned to the user in admin/squads.php. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 5) Input passed to the "contactID" parameter in admin/admincenter.php (when "site" is set to "contact" and "action" is set to "edit") is not properly sanitised before being processed and returned to the user in admin/contact.php. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 4.2.2a. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22932: http://www.htbridge.ch/advisory/multiple_xss_in_webspell.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 23 16:12:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 24 Apr 2011 01:12:22 +0200 Subject: [SEC] [SA44293] Oracle Application Server Multiple Vulnerabilities Message-ID: <201104232312.p3NNCMFS025080@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle Application Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44293 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44293/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44293 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44293/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44293/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44293 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Oracle Application Server, which can be exploited by malicious users and people to manipulate certain data. 1) An error exists in the C Oracle SSL API of the Oracle Security Service component and can be exploited to manipulate certain data. For more information see vulnerability #1: SA37291 2) An unspecified error in the Oracle HTTP Server component can be exploited to manipulate certain data. 3) An error exists in the Midtier Infrastructure of the Portal component and can be exploited to manipulate certain data. For more information see vulnerability #3: SA44246 4) An unspecified error in the Single Sign On component can be exploited by authenticated users to manipulate certain data. The vulnerabilities are reported in the following products: * Oracle Application Server 10g Release 2 version 10.1.2.3.0. * Oracle Application Server 10g Release 3 version 10.1.3.5.0. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixAS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 23 16:46:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 24 Apr 2011 01:46:54 +0200 Subject: [SEC] [SA44215] Debian update for request-tracker3.6 and request-tracker3.8 Message-ID: <201104232346.p3NNksjp014419@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Debian update for request-tracker3.6 and request-tracker3.8 SECUNIA ADVISORY ID: SA44215 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44215/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44215 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44215/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44215/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44215 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for request-tracker3.6 and request-tracker3.8. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, cross-site scripting attacks, and disclose potentially sensitive information and by malicious users to disclose potentially sensitive information, conduct SQL injection attacks, and compromise a vulnerable system. For more information: SA44189 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2220-1: http://www.debian.org/security/2011/dsa-2220 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 23 17:15:04 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 24 Apr 2011 02:15:04 +0200 Subject: [SEC] [SA44289] Oracle Solaris Gnome Evolution iCalendar Buffer Overflows Message-ID: <201104240015.p3O0F4GX003462@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle Solaris Gnome Evolution iCalendar Buffer Overflows SECUNIA ADVISORY ID: SA44289 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44289/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44289 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44289/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44289/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44289 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged two vulnerabilities in Solaris, which can be exploited by malicious people to compromise a user's system. For more information: SA30298 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://blogs.sun.com/security/entry/cve_2008_1108_cve_2008 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 23 17:46:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 24 Apr 2011 02:46:24 +0200 Subject: [SEC] [SA43913] Oracle Open Office Multiple Vulnerabilities Message-ID: <201104240046.p3O0kOOV025068@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle Open Office Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43913 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43913/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43913 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/43913/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43913/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43913 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged multiple vulnerabilities in Oracle Open Office, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a user's system. For more information: SA40775 SOLUTION: Apply updates (please see the vendor's advisory for details). ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixOOO OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 23 18:11:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 24 Apr 2011 03:11:38 +0200 Subject: [SEC] [SA44292] Oracle WebLogic Server OpenSSL Plaintext Injection Vulnerability Message-ID: <201104240111.p3O1Bcs0013997@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle WebLogic Server OpenSSL Plaintext Injection Vulnerability SECUNIA ADVISORY ID: SA44292 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44292/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44292 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44292/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44292/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44292 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged a vulnerability in Weblogic Server, which can be exploited by malicious people to manipulate certain data. For more information see vulnerability #1: SA37291 The vulnerability is reported in versions 8.1.6, 9.2.3, 9.2.4, 10.0.2, and 11gR1 (10.3.2, 10.3.3, 10.3.4). SOLUTION: Apply updates (please see the vendor's advisory for details). ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixAS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 23 18:47:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 24 Apr 2011 03:47:10 +0200 Subject: [SEC] [SA44260] Oracle Database Multiple Vulnerabilities Message-ID: <201104240147.p3O1lA3Z003361@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle Database Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44260 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44260/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44260 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44260/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44260/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44260 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Oracle Database, which can be exploited by malicious users to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system and by malicious people to manipulate certain data and cause a DoS (Denial of Service). 1) An unspecified error in the Oracle Warehouse Builder component can be exploited by authenticated users to potentially execute arbitrary code. Successful exploitation of this vulnerability requires Dimensional Data Modeling privileges. 2) A second unspecified error in the Oracle Warehouse Builder component can be exploited by authenticated users to potentially execute arbitrary code. Successful exploitation of this vulnerability requires Oracle Warehouse Builder User Account privileges. 3) An error exists in the C Oracle SSL API of the Oracle Security Service component and can be exploited to manipulate certain data. For more information see vulnerability #1: SA37291 4) An error exists in the Application Service Level Management component and can be exploited by authenticated users to disclose or manipulate certain data. For more information see vulnerability #1: SA44228 5) An unspecified error in the Network Foundation component can be exploited to cause a DoS. 6) An error exists in the Oracle Help component and can be exploited to manipulate certain data. For more information see vulnerability #2: SA44246 7) An unspecified error in the UIX component can be exploited to manipulate certain data. 8) An unspecified error in the Database Vault component can be exploited by authenticated users to disclose and manipulate certain data. The vulnerabilities are reported in the following products: * Oracle Database 11g Release 2 versions 11.2.0.1, and 11.2.0.2. * Oracle Database 11g Release 1 version 11.1.0.7. * Oracle Database 10g Release 2 versions 10.2.0.3, 10.2.0.4, and 10.2.0.5. * Oracle Database 10g Release 1 version 10.1.0.5. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported the vulnerabilities as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixDB OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 23 19:17:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 24 Apr 2011 04:17:02 +0200 Subject: [SEC] [SA44294] Oracle Identity Management Security Service Component Vulnerability Message-ID: <201104240217.p3O2H2VV025363@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle Identity Management Security Service Component Vulnerability SECUNIA ADVISORY ID: SA44294 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44294/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44294 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44294/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44294/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44294 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged a vulnerability in Oracle Identity Management, which can be exploited by malicious people to manipulate certain data. For more information see vulnerability #1: SA37291 The vulnerability is reported in versions 10.1.4.0.1 and 10.1.4.3. SOLUTION: Apply updates (please see the vendor's advisory for details). ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixAS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 23 19:45:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 24 Apr 2011 04:45:38 +0200 Subject: [SEC] [SA44281] Oracle Agile Technology Platform Unspecified Information Disclosure Message-ID: <201104240245.p3O2jcDJ012635@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle Agile Technology Platform Unspecified Information Disclosure SECUNIA ADVISORY ID: SA44281 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44281/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44281 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44281/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44281/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44281 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Oracle Agile Technology Platform, which can be exploited by malicious people to gain knowledge of sensitive information. The vulnerability is caused by an unspecified error in the Security component and can be exploited to disclose certain data via specially crafted HTTP requests. The vulnerability is reported in versions 9.3.0.2 and 9.3.1. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported the vulnerability as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixSCP OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 23 20:10:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 24 Apr 2011 05:10:28 +0200 Subject: [SEC] [SA44272] Red Hat update for polkit Message-ID: <201104240310.p3O3ASOM001473@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Red Hat update for polkit SECUNIA ADVISORY ID: SA44272 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44272/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44272 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44272/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44272/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44272 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for polkit. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA44266 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0455-1: https://rhn.redhat.com/errata/RHSA-2011-0455.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 23 20:24:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 24 Apr 2011 05:24:39 +0200 Subject: [SEC] [SA44244] SUSE update for flash-player Message-ID: <201104240324.p3O3OdHw022349@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: SUSE update for flash-player SECUNIA ADVISORY ID: SA44244 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44244/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44244 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44244/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44244/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44244 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for flash-player. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA44119 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0373-1: https://hermes.opensuse.org/messages/8138626 SUSE-SA:2011:018: http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 23 20:45:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 24 Apr 2011 05:45:43 +0200 Subject: [SEC] [SA44210] SUSE update for openldap2 Message-ID: <201104240345.p3O3jhHB011092@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: SUSE update for openldap2 SECUNIA ADVISORY ID: SA44210 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44210/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44210 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44210/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44210/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44210 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for openldap2. This fixes two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service). For more information: SA43331 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0356-1: https://hermes.opensuse.org/messages/8136212 openSUSE-SU-2011:0359-1: https://hermes.opensuse.org/messages/8136210 openSUSE-SU-2011:0363-1: https://hermes.opensuse.org/messages/8136208 SUSE-SU-2011:0369-1: https://hermes.opensuse.org/messages/8138643 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 23 21:12:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 24 Apr 2011 06:12:25 +0200 Subject: [SEC] [SA44291] Oracle JRockit Multiple Vulnerabilities Message-ID: <201104240412.p3O4CPq2032476@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle JRockit Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44291 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44291/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44291 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44291/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44291/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44291 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged multiple vulnerabilities in JRockit, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. For more information: SA43262 The vulnerabilities are reported in versions R27.6.8 and earlier (JDK/JRE 1.4.2, 5, 6) and R28.1.1 and earlier (JDK/JRE 5, 6). SOLUTION: Apply updates (please see the vendor's advisory for details). ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixAS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 23 21:45:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 24 Apr 2011 06:45:39 +0200 Subject: [SEC] [SA44257] WordPress WP-StarsRateBox Plugin Cross-Site Scripting and SQL Injection Vulnerabilities Message-ID: <201104240445.p3O4jd0A021759@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: WordPress WP-StarsRateBox Plugin Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA44257 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44257/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44257 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44257/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44257/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44257 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered multiple vulnerabilities in the WP-StarsRateBox plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed to the "q" parameter in wp-content/plugins/wp-starsratebox/wp-starsratebox.php (when "j", "check", "opinion", or "opinion_check" is set to any value) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "j" parameter to wp-content/plugins/wp-starsratebox/wp-starsratebox.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 1.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22934: http://www.htbridge.ch/advisory/sql_injection_in_wp_starsratebox_wordpress_plugin.html HTB22935: http://www.htbridge.ch/advisory/multiple_xss_in_wp_starsratebox_wordpress_plugin.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Apr 23 22:10:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 24 Apr 2011 07:10:30 +0200 Subject: [SEC] [SA44254] ChatLakTurk Video Script "ara" Cross-Site Scripting Vulnerability Message-ID: <201104240510.p3O5AUli010667@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: ChatLakTurk Video Script "ara" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA44254 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44254/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44254 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44254/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44254/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44254 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in ChatLakTurk Video Script, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "ara" parameter to ara.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: kurdish hackers team ORIGINAL ADVISORY: http://kurdteam.org/exploit.php?id=51 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Apr 24 10:30:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 24 Apr 2011 19:30:40 +0200 Subject: [SEC] [SA44287] Oracle Solaris libxslt XSL File Processing Vulnerability Message-ID: <201104241730.p3OHUeIF031726@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle Solaris libxslt XSL File Processing Vulnerability SECUNIA ADVISORY ID: SA44287 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44287/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44287 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44287/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44287/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44287 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged a vulnerability in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA30315 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://blogs.sun.com/security/entry/cve_2008_1767_buffer_overflow OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Apr 24 11:31:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 24 Apr 2011 20:31:02 +0200 Subject: [SEC] [SA44232] Fujitsu Interstage Products Java Double Literal Denial of Service Message-ID: <201104241831.p3OIV21x022233@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Fujitsu Interstage Products Java Double Literal Denial of Service SECUNIA ADVISORY ID: SA44232 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44232/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44232 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44232/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44232/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44232 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fujitsu has acknowledged a vulnerability in various Interstage products, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #1: SA43262 SOLUTION: Patches are currently pending release. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://www.fujitsu.com/global/support/software/security/products-f/interstage-201101e.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Apr 24 12:30:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 24 Apr 2011 21:30:44 +0200 Subject: [SEC] [SA44228] Oracle Enterprise Manager Grid Control Two Vulnerabilities Message-ID: <201104241930.p3OJUioG012716@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle Enterprise Manager Grid Control Two Vulnerabilities SECUNIA ADVISORY ID: SA44228 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44228/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44228 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44228/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44228/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44228 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Oracle Enterprise Manager, which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data and by malicious people to manipulate certain data. 1) An unspecified error in the Application Service Level Management component can be exploited by authenticated users to disclose or manipulate certain data. 2) An error exists in the Oracle Help component and can be exploited to manipulate certain data. For more information see vulnerability #2: SA44246 SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported the vulnerabilities as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixEM OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Apr 24 13:30:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 24 Apr 2011 22:30:36 +0200 Subject: [SEC] [SA44246] Oracle Fusion Middleware Multiple Vulnerabilities Message-ID: <201104242030.p3OKUacE003157@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle Fusion Middleware Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44246 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44246/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44246 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44246/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44246/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44246 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Oracle Fusion Middleware, which can be exploited by malicious people to manipulate certain data. 1) An error exists in the C Oracle SSL API of the Oracle Security Service component and can be exploited to manipulate certain data. For more information see vulnerability #1: SA37291 2) An unspecified error in the Oracle Help component can be exploited to manipulate certain data. No further information is currently available. 3) An unspecified error in the Midtier Infrastructure of the Portal component can be exploited to manipulate certain data. No further information is currently available. The vulnerabilities are reported in 11g Release versions 11.1.1.2.0, 11.1.1.3.0, and 11.1.1.4.0. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported the other vulnerabilities as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: Oracle http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixAS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Apr 24 14:25:04 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 24 Apr 2011 23:25:04 +0200 Subject: [SEC] [SA44262] Apple iTunes Two WebKit Vulnerabilities Message-ID: <201104242125.p3OLP4Bc025809@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Apple iTunes Two WebKit Vulnerabilities SECUNIA ADVISORY ID: SA44262 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44262/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44262 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44262/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44262/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44262 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Apple has acknowledged two vulnerabilities in iTunes, which can be exploited by malicious people to compromise a user's system. For more information: SA44151 Successful exploitation allows execution of arbitrary code, but requires that a MitM (Man-in-the-Middle) attack can be conducted against traffic between a user's system and the iTunes store. SOLUTION: Update to version 10.2.2. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4609 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Apr 24 14:46:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 24 Apr 2011 23:46:06 +0200 Subject: [SEC] [SA44295] Oracle Outside In Technology File Processing Vulnerabilities Message-ID: <201104242146.p3OLk6Rv014556@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle Outside In Technology File Processing Vulnerabilities SECUNIA ADVISORY ID: SA44295 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44295/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44295 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44295/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44295/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44295 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Oracle Outside In Technology, which can be exploited by malicious people to compromise an application using the library. 1) An unspecified error exists in the vswk6.dll and sccut.dll modules when handling Lotus 123 files. No further information is currently available. 2) A second unspecified error exists in the vswk6.dll and sccut.dll modules when handling Microsoft CAB or OneNote (".onepkg") files. No further information is currently available. Successful exploitation of these vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in versions 8.3.2.0 and 8.3.5.0. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Will Dormann, CERT/CC ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixAS US-CERT (VU#520721): http://www.kb.cert.org/vuls/id/520721 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Apr 24 15:10:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 25 Apr 2011 00:10:42 +0200 Subject: [SEC] [SA44280] Oracle Siebel CRM Three Unspecified Vulnerabilities Message-ID: <201104242210.p3OMAgOL003434@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle Siebel CRM Three Unspecified Vulnerabilities SECUNIA ADVISORY ID: SA44280 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44280/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44280 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44280/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44280/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44280 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Three vulnerabilities have been reported in Oracle Siebel CRM, which can be exploited by malicious people to manipulate certain data. 1) An unspecified error in the UIF Client sub-component can be exploited to insert, update, or delete certain data via specially crafted HTTP requests. This vulnerability is reported in versions 7.8.2, 8.0.0, and 8.1.1. 2) An unspecified error in the Globalization - Automotive sub-component can be exploited to insert, update, or delete certain data via specially crafted HTTP requests. This vulnerability is reported in versions 8.0.0 and 8.1.1. 3) An unspecified error in the Globalization - Automotive sub-component can be exploited to insert, update, or delete certain data via specially crafted HTTP requests. This vulnerability is reported in versions 7.8.2, 8.0.0, and 8.1.1. SOLUTION: Apply patch (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixSECR http://www.oracle.com/technetwork/topics/security/cpuapr2011verbose-303136.html#SECR OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Apr 24 15:24:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 25 Apr 2011 00:24:54 +0200 Subject: [SEC] [SA44221] OpenVAS Manager Report Format Plugin Vulnerability Message-ID: <201104242224.p3OMOsgl024263@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: OpenVAS Manager Report Format Plugin Vulnerability SECUNIA ADVISORY ID: SA44221 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44221/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44221 RELEASE DATE: 2011-04-25 DISCUSS ADVISORY: http://secunia.com/advisories/44221/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44221/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44221 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in OpenVAS Manager, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to the application not properly dropping privileges and verifying format plugins before running them, which can be exploited to execute arbitrary code with the privileges of the user running the manager by uploading a specially crafted report format plugin. The vulnerability is reported in versions prior to 2.0.3. SOLUTION: Update to version 2.0.3. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://lists.wald.intevation.org/pipermail/openvas-announce/2011-April/000120.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Apr 24 15:45:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 25 Apr 2011 00:45:41 +0200 Subject: [SEC] [SA44266] PolicyKit "pkexec" Race Condition Privilege Escalation Security Issue Message-ID: <201104242245.p3OMjffd012992@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: PolicyKit "pkexec" Race Condition Privilege Escalation Security Issue SECUNIA ADVISORY ID: SA44266 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44266/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44266 RELEASE DATE: 2011-04-25 DISCUSS ADVISORY: http://secunia.com/advisories/44266/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44266/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44266 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in PolicyKit, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to a race condition when determining the privileges of the parent process, which can be exploited to gain escalated privileges by e.g. invoking a suid root application from the parent process. The security issue is reported in version 0.101. Other versions may also be affected. SOLUTION: Fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Neel Mehta, Google. ORIGINAL ADVISORY: Red Hat Bug #692922: https://bugzilla.redhat.com/show_bug.cgi?id=692922 GIT Commits: http://cgit.freedesktop.org/PolicyKit/commit/?id=dd848a42a64a3b22a0cc60f6657b56ce9b6010ae http://cgit.freedesktop.org/PolicyKit/commit/?id=129b6223a19e7fb2753f8cad7957ac5402394076 http://cgit.freedesktop.org/PolicyKit/commit/?id=c23d74447c7615dc74dae259f0fc3688ec988867 http://cgit.freedesktop.org/PolicyKit/commit/?id=3b12cfac29dddd27f1f166a7574d8374cc1dccf2 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Apr 24 16:11:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 25 Apr 2011 01:11:07 +0200 Subject: [SEC] [SA44282] Oracle Health Sciences Applications InForm Vulnerability Message-ID: <201104242311.p3ONB7vQ001866@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle Health Sciences Applications InForm Vulnerability SECUNIA ADVISORY ID: SA44282 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44282/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44282 RELEASE DATE: 2011-04-25 DISCUSS ADVISORY: http://secunia.com/advisories/44282/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44282/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44282 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Oracle Health Sciences Applications, which can be exploited by malicious users to manipulate certain data or gain knowledge of sensitive information. The vulnerability is caused due to an unspecified error in the InForm component and allows unauthorised read, update, insert, or delete access to all InForm accessible data. The vulnerability is reported in versions 4.5, 4.6, and 5.0. SOLUTION: Apply patch (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported this vulnerability as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixGBU http://www.oracle.com/technetwork/topics/security/cpuapr2011verbose-303136.html#GBU OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Apr 24 16:45:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 25 Apr 2011 01:45:54 +0200 Subject: [SEC] [SA44164] Linux Kernel "next_pidmap()" Denial of Service Vulnerability Message-ID: <201104242345.p3ONjsrU023671@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Linux Kernel "next_pidmap()" Denial of Service Vulnerability SECUNIA ADVISORY ID: SA44164 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44164/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44164 RELEASE DATE: 2011-04-25 DISCUSS ADVISORY: http://secunia.com/advisories/44164/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44164/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44164 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the "next_pidmap()" function in kernel/pid.c, which can be exploited to cause a kernel crash by e.g. initiating a specially crafted "getdents()" system call. SOLUTION: Update to version 2.6.38.4. PROVIDED AND/OR DISCOVERED BY: Tavis Ormandy ORIGINAL ADVISORY: http://groups.google.com/group/fa.linux.kernel/browse_thread/thread/93c1088451fd3522/4a28ecb7f755a88d?#4a28ecb7f755a88d http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=c78193e9c7bcbf25b8237ad0dec82f805c4ea69b http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=d8bdc59f215e62098bc5b4256fd9928bf27053a1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Apr 24 17:13:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 25 Apr 2011 02:13:53 +0200 Subject: [SEC] [SA44271] Fedora update for libtiff Message-ID: <201104250013.p3P0DrJw012734@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Fedora update for libtiff SECUNIA ADVISORY ID: SA44271 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44271/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44271 RELEASE DATE: 2011-04-25 DISCUSS ADVISORY: http://secunia.com/advisories/44271/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44271/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44271 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for libtiff. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library. For more information: SA43593 SOLUTION: Apply updated packages using the yum utility ("yum update libtiff"). ORIGINAL ADVISORY: FEDORA-2011-5304: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Apr 24 17:46:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 25 Apr 2011 02:46:22 +0200 Subject: [SEC] [SA44269] HP Insight Control for Linux Multiple Vulnerabilities Message-ID: <201104250046.p3P0kMio001922@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: HP Insight Control for Linux Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44269 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44269/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44269 RELEASE DATE: 2011-04-25 DISCUSS ADVISORY: http://secunia.com/advisories/44269/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44269/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44269 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in HP Insight Control for Linux, which can be exploited by malicious users to potentially compromise a vulnerable system and malicious people to bypass certain security restrictions, gain knowledge of sensitive information, cause a DoS (Denial of Service), and potentially compromise a vulnerable system. 1) The application bundles a vulnerable version of OpenSSL. For more information: SA42243 SA42473 SA43227 2) The application bundles a vulnerable version of OpenSSH. For more information: SA43181 3) An unspecified error can be exploited by authenticated users to potentially compromise the system. SOLUTION: Update to version 6.3 or later. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 3) Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02658 SSRT100413: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02794777 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 25 10:31:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 25 Apr 2011 19:31:09 +0200 Subject: [SEC] [SA44341] dynMedia Pro "dwnfile" Arbitrary File Download Vulnerability Message-ID: <201104251731.p3PHV91i003040@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: dynMedia Pro "dwnfile" Arbitrary File Download Vulnerability SECUNIA ADVISORY ID: SA44341 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44341/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44341 RELEASE DATE: 2011-04-25 DISCUSS ADVISORY: http://secunia.com/advisories/44341/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44341/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44341 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in dynMedia Pro, which can be exploited by malicious people to disclose sensitive information. Input passed via the "dwnfile" parameter to downloadfile.php is not properly verified before being used to download files. This can be exploited to download arbitrary files from local resources via directory traversal sequences. The vulnerability is reported in version 4.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Mbah_Semar OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 25 11:31:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 25 Apr 2011 20:31:10 +0200 Subject: [SEC] [SA44263] Webmin "Full Name" Input Sanitation Vulnerability Message-ID: <201104251831.p3PIVAX6025943@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Webmin "Full Name" Input Sanitation Vulnerability SECUNIA ADVISORY ID: SA44263 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44263/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44263 RELEASE DATE: 2011-04-25 DISCUSS ADVISORY: http://secunia.com/advisories/44263/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44263/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44263 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Javier Bassi has discovered a vulnerability in Webmin, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an input sanitation error in useradmin/index.cgi when processing a user's "Full Name" information. This can be exploited to insert arbitrary HTML and script code, which will be executed in a browser session when an admin access the "Users and Groups" page. Successful exploitation requires that "CHFN_RESTRICT" is set to "frwh" or "off" in /etc/login.defs. The vulnerability is confirmed in version 1.540. Other version may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Javier Bassi ORIGINAL ADVISORY: http://javierb.com.ar/2011/04/24/xss-webmin-1-540/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 25 12:30:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 25 Apr 2011 21:30:36 +0200 Subject: [SEC] [SA44338] Ariadne Cross-Site Request Forgery Vulnerability Message-ID: <201104251930.p3PJUasg016410@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Ariadne Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA44338 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44338/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44338 RELEASE DATE: 2011-04-25 DISCUSS ADVISORY: http://secunia.com/advisories/44338/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44338/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44338 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Ariadne, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. change the password of an administrative user when a logged-in administrator visits a specially crafted web page. The vulnerability is confirmed in version 2.7.5. Other versions may also be affected. SOLUTION: Do not browse untrusted sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: KedAns-Dz ORIGINAL ADVISORY: http://packetstormsecurity.org/files/view/100717/ariadne-xsrf.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 25 13:31:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 25 Apr 2011 22:31:00 +0200 Subject: [SEC] [SA44319] HP Network Automation Unspecified Information Disclosure Message-ID: <201104252031.p3PKV0ms006918@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: HP Network Automation Unspecified Information Disclosure SECUNIA ADVISORY ID: SA44319 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44319/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44319 RELEASE DATE: 2011-04-25 DISCUSS ADVISORY: http://secunia.com/advisories/44319/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44319/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44319 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP Network Automation, which can be exploited by malicious people to gain knowledge of potentially sensitive information. For more information: SA44304 The vulnerability is reported in versions 7.2x, 7.5x, and 7.6x. Other versions may also be affected. SOLUTION: Upgrade to version 9.10 and apply hotfix 87674. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02666 SSRT100434: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02789514 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 25 14:24:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 25 Apr 2011 23:24:30 +0200 Subject: [SEC] [SA44304] HP Network Automation Unspecified Information Disclosure Message-ID: <201104252124.p3PLOUwZ029493@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: HP Network Automation Unspecified Information Disclosure SECUNIA ADVISORY ID: SA44304 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44304/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44304 RELEASE DATE: 2011-04-25 DISCUSS ADVISORY: http://secunia.com/advisories/44304/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44304/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44304 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP Network Automation, which can be exploited by malicious people to gain knowledge of potentially sensitive information. The vulnerability is caused due to an unspecified error. No more information is currently available. The vulnerability is reported in versions 9.0 and 9.10. SOLUTION: Update to version 9.10 and apply hotfix 87674. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02666 SSRT100434: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02789514 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 25 14:45:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 25 Apr 2011 23:45:51 +0200 Subject: [SEC] [SA44322] HP SiteScope Cross-Site Scripting and Script Insertion Message-ID: <201104252145.p3PLjpQc018240@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: HP SiteScope Cross-Site Scripting and Script Insertion SECUNIA ADVISORY ID: SA44322 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44322/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44322 RELEASE DATE: 2011-04-25 DISCUSS ADVISORY: http://secunia.com/advisories/44322/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44322/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44322 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in HP SiteScope, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks. 1) Unspecified input is not properly sanitised before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Unspecified input is not properly sanitised before being stored. This can be exploited to inject arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when viewed. The vulnerabilities are reported in versions 11.01 and 11.1. SOLUTION: Update to version 11.1 and apply hotfix SS1110110412. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02667 SSRT100464: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02807712 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 25 15:11:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 26 Apr 2011 00:11:43 +0200 Subject: [SEC] [SA44354] HP SiteScope Cross-Site Scripting and Script Insertion Message-ID: <201104252211.p3PMBhjA007200@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: HP SiteScope Cross-Site Scripting and Script Insertion SECUNIA ADVISORY ID: SA44354 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44354/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44354 RELEASE DATE: 2011-04-25 DISCUSS ADVISORY: http://secunia.com/advisories/44354/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44354/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44354 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in HP SiteScope, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks. For more information: SA44322 The vulnerabilities are reported in versions 9.54 and 10.13. SOLUTION: Upgrade to version 11.1 and apply hotfix SS1110110412. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02667 SSRT100464: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02807712 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Apr 25 15:45:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 26 Apr 2011 00:45:57 +0200 Subject: [SEC] [SA44335] PHP phar Extension Integer Overflow Vulnerability Message-ID: <201104252245.p3PMjvRS028913@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: PHP phar Extension Integer Overflow Vulnerability SECUNIA ADVISORY ID: SA44335 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44335/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44335 RELEASE DATE: 2011-04-26 DISCUSS ADVISORY: http://secunia.com/advisories/44335/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44335/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44335 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Alexander Gavrun has reported a vulnerability in PHP, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused due to an integer overflow error within the phar extension in the "phar_parse_tarfile()" function (ext/phar/tar.c) and can be exploited to cause a heap-based buffer overflow via a specially crafted TAR file. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 5.3.6. Other versions may also be affected. SOLUTION: Do not use the phar extension to process untrusted archives. PROVIDED AND/OR DISCOVERED BY: Alexander Gavrun ORIGINAL ADVISORY: http://0x1byte.blogspot.com/2011/04/php-phar-extension-heap-overflow.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 26 10:30:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 26 Apr 2011 19:30:36 +0200 Subject: [SEC] [SA44312] Red Hat update for spice-xpi Message-ID: <201104261730.p3QHUa88003022@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Red Hat update for spice-xpi SECUNIA ADVISORY ID: SA44312 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44312/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44312 RELEASE DATE: 2011-04-26 DISCUSS ADVISORY: http://secunia.com/advisories/44312/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44312/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44312 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for spice-xpi. This fixes a security issue and a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges and malicious people to potentially compromise a user's system. 1) An uninitialised pointer error in the SPICE Firefox plugin can be exploited by e.g. tricking a user into visiting a malicious website. 2) The SPICE Firefox plugin creates log files with a predictable filename, which can be exploited to overwrite arbitrary files via directory traversal attacks. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0426-1: http://rhn.redhat.com/errata/RHSA-2011-0426.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 26 11:31:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 26 Apr 2011 20:31:01 +0200 Subject: [SEC] [SA44309] Hitachi Web Server Two Vulnerabilities Message-ID: <201104261831.p3QIV1Cf025953@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Hitachi Web Server Two Vulnerabilities SECUNIA ADVISORY ID: SA44309 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44309/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44309 RELEASE DATE: 2011-04-26 DISCUSS ADVISORY: http://secunia.com/advisories/44309/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44309/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44309 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Hitachi Web Server, which can be exploited by malicious people to disclose sensitive information and manipulate certain data. 1) An error in the SSL protocol can be exploited to insert arbitrary plaintext. This may be related to vulnerability #1 in: SA37291 2) An error when handling the RequestHeader directive can be exploited to disclose sensitive information from the memory. This may be related to vulnerability #3 in: SA38776 Please see the vendor's advisory for the list of affected versions. SOLUTION: Apply patches. Please see the vendor's advisory for more information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-006/index.html http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-007/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 26 12:31:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 26 Apr 2011 21:31:00 +0200 Subject: [SEC] [SA44325] phpMyChat Plus Cross-Site Scripting and SQL Injection Vulnerabilities Message-ID: <201104261931.p3QJV0qV016446@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: phpMyChat Plus Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA44325 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44325/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44325 RELEASE DATE: 2011-04-26 DISCUSS ADVISORY: http://secunia.com/advisories/44325/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44325/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44325 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered multiple vulnerabilities in phpMyChat Plus, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed via the "pmc_password" parameter to avatar.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "CookieUsername" and "CookieStatus" cookie parameters to e.g. lurking.php is not properly sanitised in lib/useronline.lib.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. The vulnerabilities are confirmed in version 1.93. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: John Leitch, AutoSec Tools. ORIGINAL ADVISORY: AutoSec Tools: http://www.autosectools.com/Advisory/phpMyChat-Plus-1.93-Reflected-Cross-site-Scripting-187 http://www.autosectools.com/Advisory/phpMyChat-Plus-1.93-Blind-SQL-Injection-188 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 26 13:30:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 26 Apr 2011 22:30:58 +0200 Subject: [SEC] [SA44360] Fedora update for python-feedparser Message-ID: <201104262030.p3QKUw8j006939@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Fedora update for python-feedparser SECUNIA ADVISORY ID: SA44360 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44360/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44360 RELEASE DATE: 2011-04-26 DISCUSS ADVISORY: http://secunia.com/advisories/44360/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44360/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44360 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for python-feedparser. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and conduct script insertion attacks. For more information: SA43730 SOLUTION: Apply updated packages via the yum utility ("yum update python-feedparser"). ORIGINAL ADVISORY: FEDORA-2011-4894: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058889.html FEDORA-2011-4911: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058879.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 26 14:25:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 26 Apr 2011 23:25:29 +0200 Subject: [SEC] [SA44326] OrangeHRM "path" File Inclusion Vulnerability Message-ID: <201104262125.p3QLPTgh029565@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: OrangeHRM "path" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA44326 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44326/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44326 RELEASE DATE: 2011-04-26 DISCUSS ADVISORY: http://secunia.com/advisories/44326/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44326/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44326 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: AutoSec Tools has discovered a vulnerability in OrangeHRM, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "path" parameter in plugins/PluginController.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources. The vulnerability is confirmed in version 2.6.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: AutoSec Tools: http://www.autosectools.com/Advisory/OrangeHRM-2.6.3-Local-File-Inclusion-189 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 26 14:45:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 26 Apr 2011 23:45:35 +0200 Subject: [SEC] [SA44358] Fedora update for krb5 Message-ID: <201104262145.p3QLjZCs018269@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Fedora update for krb5 SECUNIA ADVISORY ID: SA44358 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44358/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44358 RELEASE DATE: 2011-04-26 DISCUSS ADVISORY: http://secunia.com/advisories/44358/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44358/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44358 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for krb5. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA44125 SOLUTION: Apply updated packages via the yum utility ("yum update krb5"). ORIGINAL ADVISORY: FEDORA-2011-5343: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058896.html FEDORA-2011-5345: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058878.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 26 15:11:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 27 Apr 2011 00:11:14 +0200 Subject: [SEC] [SA44359] Fedora update for perl-Mojolicious Message-ID: <201104262211.p3QMBEJT007234@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Fedora update for perl-Mojolicious SECUNIA ADVISORY ID: SA44359 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44359/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44359 RELEASE DATE: 2011-04-26 DISCUSS ADVISORY: http://secunia.com/advisories/44359/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44359/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44359 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for perl-Mojolicious. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information. For more information: SA44051 SOLUTION: Apply updated packages via the yum utility ("yum update perl-Mojolicious"). ORIGINAL ADVISORY: FEDORA-2011-5504: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058885.html FEDORA-2011-5505: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058891.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 26 15:45:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 27 Apr 2011 00:45:53 +0200 Subject: [SEC] [SA44361] Fedora update for fail2ban Message-ID: <201104262245.p3QMjrBB028964@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Fedora update for fail2ban SECUNIA ADVISORY ID: SA44361 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44361/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44361 RELEASE DATE: 2011-04-27 DISCUSS ADVISORY: http://secunia.com/advisories/44361/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44361/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44361 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for fail2ban. This fixes some weaknesses, which can be exploited by malicious, local users to perform certain actions with escalated privileges. For more information: SA44253 SOLUTION: Apply updated packages via the yum utility ("yum update fail2ban"). ORIGINAL ADVISORY: FEDORA-2011-5151: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058872.html FEDORA-2011-5153: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058886.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 26 16:11:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 27 Apr 2011 01:11:48 +0200 Subject: [SEC] [SA44132] KVM qemu-kvm virtio-blk Driver Buffer Overflow Vulnerabilities Message-ID: <201104262311.p3QNBm5r017947@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: KVM qemu-kvm virtio-blk Driver Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA44132 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44132/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44132 RELEASE DATE: 2011-04-27 DISCUSS ADVISORY: http://secunia.com/advisories/44132/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44132/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44132 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in KVM qemu-kvm, which can be exploited by malicious, local users in a guest system to cause a DoS (Denial of Service) and potentially gain escalated privileges. The vulnerabilities are caused due to boundary errors within the "virtio_blk_handle_write()" and "virtio_blk_handle_read()" functions in hw/virtio-blk.c, which can be exploited to cause a buffer overflow by sending specially crafted read or write requests to the virtio-blk driver. The vulnerabilities are reported in version 0.14.0. Other versions may also be affected. SOLUTION: Fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Conor Murphy ORIGINAL ADVISORY: http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03015.html http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commitdiff;h=52c050236eaa4f0b5e1d160cd66dc18106445c4d OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Apr 26 16:45:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 27 Apr 2011 01:45:57 +0200 Subject: [SEC] [SA44355] EasyPHP Insecure File Permissions Privilege Escalation Security Issue Message-ID: <201104262345.p3QNjvlf007270@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: EasyPHP Insecure File Permissions Privilege Escalation Security Issue SECUNIA ADVISORY ID: SA44355 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44355/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44355 RELEASE DATE: 2011-04-27 DISCUSS ADVISORY: http://secunia.com/advisories/44355/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44355/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44355 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been discovered in EasyPHP, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to the application being installed with insecure file permissions. This can be exploited to modify any file within the application's installation directory. The security issue is confirmed in version 5.3.6.0. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: KedAns-Dz ORIGINAL ADVISORY: http://packetstormsecurity.org/files/view/100804/easyphpws-dllhijack.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 27 10:31:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 27 Apr 2011 19:31:00 +0200 Subject: [SEC] [SA44383] openSUSE Build Service API Security Bypass Vulnerability Message-ID: <201104271731.p3RHV0MJ011100@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: openSUSE Build Service API Security Bypass Vulnerability SECUNIA ADVISORY ID: SA44383 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44383/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44383 RELEASE DATE: 2011-04-27 DISCUSS ADVISORY: http://secunia.com/advisories/44383/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44383/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44383 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in openSUSE Build Service, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an unspecified error within the API, which can be exploited to modify packages or projects without having write access. For more information see vulnerability #1 in: SA44306 SOLUTION: Update to version 2.0.8. PROVIDED AND/OR DISCOVERED BY: The vendor credits Marcus H?we. ORIGINAL ADVISORY: http://news.opensuse.org/2011/03/02/build-service-team-releases-new-versions-fixing-security-problems/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 27 11:30:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 27 Apr 2011 20:30:49 +0200 Subject: [SEC] [SA44306] openSUSE Build Service Multiple Vulnerabilities Message-ID: <201104271830.p3RIUn7t001510@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: openSUSE Build Service Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44306 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44306/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44306 RELEASE DATE: 2011-04-27 DISCUSS ADVISORY: http://secunia.com/advisories/44306/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44306/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44306 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in openSUSE Build Service, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions. 1) An unspecified error within the API can be exploited to modify packages or projects without having write access. 2) An unspecified error within the API allowed foreign users to change the password in LDAP mode. 3) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Update to version 2.1.6. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Marcus H?we. 2, 3) Reported by the vendor. ORIGINAL ADVISORY: http://news.opensuse.org/2011/03/02/build-service-team-releases-new-versions-fixing-security-problems/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 27 12:30:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 27 Apr 2011 21:30:49 +0200 Subject: [SEC] [SA44363] Cisco IOS OCSP Revoked Certificate Security Issue Message-ID: <201104271930.p3RJUnR2024464@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Cisco IOS OCSP Revoked Certificate Security Issue SECUNIA ADVISORY ID: SA44363 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44363/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44363 RELEASE DATE: 2011-04-27 DISCUSS ADVISORY: http://secunia.com/advisories/44363/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44363/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44363 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Cisco IOS, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to an error in the OCSP functionality and can lead to a revoked certificate being successfully authenticated. SOLUTION: Update to versions 15.1(1)S1 or 15.1(2)T2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/en/US/docs/ios/15_1s/release/notes/15_1s_caveats_15_1_1s.html http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-2TCAVS.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 27 13:30:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 27 Apr 2011 22:30:47 +0200 Subject: [SEC] [SA44332] SMSGATE.4 Web Server Two Vulnerabilities Message-ID: <201104272030.p3RKUllu014963@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: SMSGATE.4 Web Server Two Vulnerabilities SECUNIA ADVISORY ID: SA44332 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44332/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44332 RELEASE DATE: 2011-04-27 DISCUSS ADVISORY: http://secunia.com/advisories/44332/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44332/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44332 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Digital Security Research Group has reported two vulnerabilities in SMSGATE.4, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. 1) An error when processing URI parameters can be exploited to cause the web server to crash via an overly long string sent in a HTTP GET request. 2) An error when processing certain parameters within XML requests can be exploited to corrupt memory. Successful exploitation of this vulnerability may allow execution of arbitrary code. The vulnerabilities are reported in versions prior to 4.07r. SOLUTION: Update to version 4.07r or later. PROVIDED AND/OR DISCOVERED BY: Alexey Sintsov, Digital Security Research Group ORIGINAL ADVISORY: SMSGATE.4: http://www.nevo-asc.ru/ru/product/ap/smsgate3/smsgate4-history.php Digital Security Research Group: http://dsecrg.com/pages/vul/show.php?id=319 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 27 14:24:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 27 Apr 2011 23:24:56 +0200 Subject: [SEC] [SA44353] GNU C Library "fnmatch()" Integer Overflow Denial of Service Vulnerability Message-ID: <201104272124.p3RLOuQx005177@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: GNU C Library "fnmatch()" Integer Overflow Denial of Service Vulnerability SECUNIA ADVISORY ID: SA44353 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44353/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44353 RELEASE DATE: 2011-04-27 DISCUSS ADVISORY: http://secunia.com/advisories/44353/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44353/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44353 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the GNU C Library, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an integer overflow error within the implementation of the "fnmatch()" function, which can be exploited to cause a crash. Note: This is related to SA43492. The vulnerability is reported in version 2.13. Other versions may also be affected. SOLUTION: Fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Red Hat ORIGINAL ADVISORY: Red Hat Bug #681054: https://bugzilla.redhat.com/show_bug.cgi?id=681054 GNU C Library Bug #12583: http://sourceware.org/bugzilla/show_bug.cgi?id=12583 GIT commit: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=8126d90480fa3e0c5c5cd0d02cb1c93174b45485 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 27 14:45:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 27 Apr 2011 23:45:40 +0200 Subject: [SEC] [SA44334] webERP "CompanyNameField" Cross-Site Scripting Vulnerability Message-ID: <201104272145.p3RLjeZd026322@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: webERP "CompanyNameField" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA44334 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44334/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44334 RELEASE DATE: 2011-04-27 DISCUSS ADVISORY: http://secunia.com/advisories/44334/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44334/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44334 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered a vulnerability in webERP, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "CompanyNameField" parameter to e.g. AccountGroups.php is not properly sanitised in includes/ConnectDB.inc before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 4.03.8. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: John Leitch, AutoSec Tools. ORIGINAL ADVISORY: http://www.autosectools.com/Advisory/webERP-4.03.8-Reflected-Cross-site-Scripting-186 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 27 15:10:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Apr 2011 00:10:47 +0200 Subject: [SEC] [SA44318] Spree File Disclosure and Code Execution Vulnerabilities Message-ID: <201104272210.p3RMAliK015266@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Spree File Disclosure and Code Execution Vulnerabilities SECUNIA ADVISORY ID: SA44318 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44318/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44318 RELEASE DATE: 2011-04-27 DISCUSS ADVISORY: http://secunia.com/advisories/44318/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44318/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44318 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Spree, which can be exploited by malicious people to disclose potentially sensitive information and compromise a vulnerable system. 1) An error related to the Content Controller can be exploited to disclose the content of arbitrary files. 2) Certain input passed to the API search is not properly verified before being used in the rd_searchlogic gem, which can be exploited to execute arbitrary commands via specially crafted requests. Vulnerability #1 is reported in versions prior to 0.50.1 and vulnerability #2 is reported in versions 0.30.x and 0.40.x. SOLUTION: Update to version 0.50.1 or later. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits John Hartzler. 2) joernchen, Phenoelit. ORIGINAL ADVISORY: Spree: http://www.spreecommerce.com/blog/2011/04/19/security-fixes joernchen: http://www.slideshare.net/hackitoergosum/hes2011-joernchen-ruby-on-rails-from-a-code-auditor-perspective http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/multi/http/spree_searchlogic_exec.rb OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 27 15:45:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Apr 2011 00:45:43 +0200 Subject: [SEC] [SA44380] IBM solidDB "rpc_test_svc" Commands Handling NULL Pointer Dereference Vulnerability Message-ID: <201104272245.p3RMjh9u004609@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: IBM solidDB "rpc_test_svc" Commands Handling NULL Pointer Dereference Vulnerability SECUNIA ADVISORY ID: SA44380 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44380/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44380 RELEASE DATE: 2011-04-28 DISCUSS ADVISORY: http://secunia.com/advisories/44380/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44380/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44380 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM solidDB, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a NULL pointer dereference error when handling the "rpc_test_svc_readwrite" and "rpc_test_svc_done" commands and can be exploited to crash the solidDB process by sending a specially crafted request to TCP port 2315. The vulnerability is reported in the following versions: * IBM solidDB versions 4.5.181 and prior. * IBM solidDB versions 6.0.1068 and prior. * IBM solidDB versions 6.3 Fix Pack 7 and prior. * IBM solidDB versions 6.5 Fix Pack 3 and prior. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Tenable Network Security via ZDI. ORIGINAL ADVISORY: IBM: http://www.ibm.com/support/docview.wss?uid=swg21496106 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-142/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 27 16:12:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Apr 2011 01:12:00 +0200 Subject: [SEC] [SA44348] WordPress WP Ajax Recent Posts Plugin "number" Cross-Site Scripting Vulnerability Message-ID: <201104272312.p3RNC0wG026011@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: WordPress WP Ajax Recent Posts Plugin "number" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA44348 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44348/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44348 RELEASE DATE: 2011-04-28 DISCUSS ADVISORY: http://secunia.com/advisories/44348/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44348/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44348 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in the WP Ajax Recent Posts plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "number" parameter in index.php (when "action" is set to "wpAjaxRecentPosts") is not properly sanitised in wp-content/plugins/wp-ajax-recent-posts/func/function.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.0.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22951: http://www.htbridge.ch/advisory/xss_in_wp_ajax_recent_posts_wordpress_plugin.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 27 16:45:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Apr 2011 01:45:30 +0200 Subject: [SEC] [SA44342] phpMiniAdmin Cross-Site Request Forgery Vulnerability Message-ID: <201104272345.p3RNjUxo015309@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: phpMiniAdmin Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA44342 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44342/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44342 RELEASE DATE: 2011-04-28 DISCUSS ADVISORY: http://secunia.com/advisories/44342/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44342/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44342 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in phpMiniAdmin, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. execute arbitrary SQL code when a logged-in administrator visits a specially crafted web page. The vulnerability is reported in versions prior to 1.6.110426. SOLUTION: Update to version 1.6.110426. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://sourceforge.net/projects/phpminiadmin/files/phpminiadmin/phpminiadmin-1.6.110426/changes_1.6.110426.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 27 17:14:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Apr 2011 02:14:01 +0200 Subject: [SEC] [SA44350] OpenVZ update for kernel Message-ID: <201104280014.p3S0E1cR004386@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: OpenVZ update for kernel SECUNIA ADVISORY ID: SA44350 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44350/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44350 RELEASE DATE: 2011-04-28 DISCUSS ADVISORY: http://secunia.com/advisories/44350/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44350/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44350 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: OpenVZ has issued an update for the kernel. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially gain escalated privileges. For more information: SA44136 SOLUTION: Update to kernel branch RHEL5 version 028stab089.1. ORIGINAL ADVISORY: http://wiki.openvz.org/Download/kernel/rhel5/028stab089.1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 27 17:45:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Apr 2011 02:45:40 +0200 Subject: [SEC] [SA44314] Videcon Viola DVR VIO-4/1000 "FILEFAIL" and "FILECAMERA" File Disclosure Vulnerabilities Message-ID: <201104280045.p3S0jevk026017@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Videcon Viola DVR VIO-4/1000 "FILEFAIL" and "FILECAMERA" File Disclosure Vulnerabilities SECUNIA ADVISORY ID: SA44314 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44314/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44314 RELEASE DATE: 2011-04-28 DISCUSS ADVISORY: http://secunia.com/advisories/44314/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44314/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44314 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Videcon Viola DVR VIO-4/1000, which can be exploited by malicious people to disclose sensitive information. Input passed via the "FILEFAIL" parameter to cgi-bin/wappwd and the "FILECAMERA" parameter to cgi-bin/wapopen is not properly verified before being used to read files. This can be exploited to read arbitrary files from local resources via directory traversal sequences. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: QSecure and Demetris Papapetrou. ORIGINAL ADVISORY: http://www.qsecure.com.cy/advisories/dir_traversal_in_viola_dvr.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 27 18:10:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Apr 2011 03:10:35 +0200 Subject: [SEC] [SA44333] WordPress Sermon Browser Plugin Cross-Site Scripting and SQL Injection Message-ID: <201104280110.p3S1AZWs014952@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: WordPress Sermon Browser Plugin Cross-Site Scripting and SQL Injection SECUNIA ADVISORY ID: SA44333 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44333/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44333 RELEASE DATE: 2011-04-28 DISCUSS ADVISORY: http://secunia.com/advisories/44333/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44333/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44333 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in the Sermon Browser plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed via the "file_name" parameter to index.php (when "download" is set) is not properly sanitised in wp-content/plugins/sermon-browser/sermon.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "sermon_id" parameter to index.php is not properly sanitised in wp-content/plugins/sermon-browser/sb-includes/frontend.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 0.43.5. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Ma3sTr0-Dz OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 27 18:25:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Apr 2011 03:25:20 +0200 Subject: [SEC] [SA44374] Fedora update for wireshark Message-ID: <201104280125.p3S1PKdp003388@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Fedora update for wireshark SECUNIA ADVISORY ID: SA44374 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44374/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44374 RELEASE DATE: 2011-04-28 DISCUSS ADVISORY: http://secunia.com/advisories/44374/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44374/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44374 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA44172 SOLUTION: Apply updated packages via the yum utility ("yum update wireshark"). ORIGINAL ADVISORY: FEDORA-2011-5529: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058993.html FEDORA-2011-5569: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058983.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 27 18:45:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Apr 2011 03:45:56 +0200 Subject: [SEC] [SA44372] WordPress Publish Posts Security Bypass Security Issue Message-ID: <201104280145.p3S1juor024535@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: WordPress Publish Posts Security Bypass Security Issue SECUNIA ADVISORY ID: SA44372 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44372/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44372 RELEASE DATE: 2011-04-28 DISCUSS ADVISORY: http://secunia.com/advisories/44372/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44372/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44372 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in WordPress, which can be exploited by malicious users to bypass certain security restrictions. The security issue is caused due to wp-admin/press-this.php script not properly checking a user's permissions before publishing posts and can be exploited by users without the "publish_posts" permission. Successful exploitation requires "Contributor-level" privileges. The security issue is reported in versions prior to 3.1.2. SOLUTION: Update to version 3.1.2. PROVIDED AND/OR DISCOVERED BY: Andrew Nacin, WordPress. The vendor also credits Benjamin Balter. ORIGINAL ADVISORY: http://codex.wordpress.org/Version_3.1.2 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 27 19:15:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Apr 2011 04:15:24 +0200 Subject: [SEC] [SA44382] IBM Tivoli Management Framework Java Double Literal Denial of Service Vulnerability Message-ID: <201104280215.p3S2FOgq014155@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: IBM Tivoli Management Framework Java Double Literal Denial of Service Vulnerability SECUNIA ADVISORY ID: SA44382 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44382/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44382 RELEASE DATE: 2011-04-28 DISCUSS ADVISORY: http://secunia.com/advisories/44382/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44382/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44382 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a vulnerability in IBM Tivoli Management Framework, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #1: SA43262 The vulnerability is reported in version 4.1.1. SOLUTION: Apply patches 4.1.1-TMF-0124 and 4.1.1-TMF-0125 or apply APARs IZ96820 and IZ96821. ORIGINAL ADVISORY: IBM (IZ96820, IZ96821): http://www.ibm.com/support/docview.wss?uid=swg24029766 http://www.ibm.com/support/docview.wss?uid=swg24029768 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 27 19:45:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Apr 2011 04:45:49 +0200 Subject: [SEC] [SA42928] Advantech ISSymbol ActiveX Control Multiple Buffer Overflow Vulnerabilities Message-ID: <201104280245.p3S2jnt1003291@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Advantech ISSymbol ActiveX Control Multiple Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA42928 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42928/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42928 RELEASE DATE: 2011-04-28 DISCUSS ADVISORY: http://secunia.com/advisories/42928/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42928/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42928 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered multiple vulnerabilities in Advantech Studio ISSymbol ActiveX control, which can be exploited by malicious people to compromise a user's system. 1) A boundary error when processing the "InternationalOrder" property can be exploited to cause a heap-based buffer overflow via an overly long string assigned to the property. 2) A boundary error when processing the "InternationalSeparator" property can be exploited to cause a heap-based buffer overflow via an overly long string assigned to the property. 3) A boundary error when processing a certain window procedure can be exploited to cause a stack-based buffer overflow via e.g. an overly long string passed as the "bstrFileName" parameter to the "OpenScreen()" method. 4) A boundary error when creating a log file can be exploited to cause a stack-based buffer overflow via an overly long string assigned to the "LogFileName" property. Successful exploitation of the vulnerabilities allows execution of arbitrary code. The vulnerabilities are confirmed in version 6.1 SP6 Build 61.6.01.05 (ISSymbol.ocx 61.6.0.0). Other versions may also be affected. SOLUTION: Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: Dmitriy Pletnev, Secunia Research. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2011-37/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 27 20:10:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Apr 2011 05:10:58 +0200 Subject: [SEC] [SA44339] Debian update for libmodplug Message-ID: <201104280310.p3S3Aw0r024650@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Debian update for libmodplug SECUNIA ADVISORY ID: SA44339 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44339/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44339 RELEASE DATE: 2011-04-28 DISCUSS ADVISORY: http://secunia.com/advisories/44339/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44339/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44339 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for libmodplug. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library. For more information: SA44054 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2226-1: http://www.debian.org/security/2011/dsa-2226 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 27 20:45:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Apr 2011 05:45:59 +0200 Subject: [SEC] [SA44340] Debian update for asterisk Message-ID: <201104280345.p3S3jxHf014035@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Debian update for asterisk SECUNIA ADVISORY ID: SA44340 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44340/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44340 RELEASE DATE: 2011-04-28 DISCUSS ADVISORY: http://secunia.com/advisories/44340/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44340/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44340 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for asterisk. This fixes multiple vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. For more information: SA43429 SA43722 SA44197 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2225-1: http://www.debian.org/security/2011/dsa-2225 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 27 21:11:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Apr 2011 06:11:28 +0200 Subject: [SEC] [SA44371] NetBSD update for dhclient Message-ID: <201104280411.p3S4BS1a002955@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: NetBSD update for dhclient SECUNIA ADVISORY ID: SA44371 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44371/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44371 RELEASE DATE: 2011-04-28 DISCUSS ADVISORY: http://secunia.com/advisories/44371/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44371/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44371 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: NetBSD has issued an update for dhclient. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA44037 SOLUTION: Fixed in the CVS repository. See vendor advisory for details. ORIGINAL ADVISORY: NetBSD-SA2011-005: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-005.txt.asc OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 27 21:46:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Apr 2011 06:46:06 +0200 Subject: [SEC] [SA44317] CA Arcot WebFort Versatile Authentication Server Cross-Site Scripting and Redirection Message-ID: <201104280446.p3S4k6n8024728@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: CA Arcot WebFort Versatile Authentication Server Cross-Site Scripting and Redirection SECUNIA ADVISORY ID: SA44317 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44317/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44317 RELEASE DATE: 2011-04-28 DISCUSS ADVISORY: http://secunia.com/advisories/44317/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44317/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44317 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and a vulnerability have been reported in CA Arcot WebFort Versatile Authentication Server, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks. 1) Certain unspecified input passed to the Arcot Administrative Console is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain. 2) Certain unspecified input passed to the Arcot Administrative Console is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The weakness and the vulnerability are reported in versions prior to 6.2.5. SOLUTION: Update to version 6.2.5. PROVIDED AND/OR DISCOVERED BY: The vendor credits Daniel Stirnimann, Compass Security. ORIGINAL ADVISORY: CA20110426-01: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={A71F5839-D214-4719-B918-4476E4537998} OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Apr 27 22:11:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Apr 2011 07:11:36 +0200 Subject: [SEC] [SA44367] Subtitle Processor Playlist Processing Buffer Overflow Vulnerability Message-ID: <201104280511.p3S5BaFh013676@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Subtitle Processor Playlist Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA44367 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44367/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44367 RELEASE DATE: 2011-04-28 DISCUSS ADVISORY: http://secunia.com/advisories/44367/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44367/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44367 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Subtitle Processor, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary when processing playlist files and can be exploited to cause a stack-based buffer overflow via a specially crafted M3U (".m3u") file. Successful exploitation allows execution of arbitrary code, but requires tricking a user into opening a malicious playlist file. The vulnerability is confirmed in version 7.7.1. Other versions may also be affected. SOLUTION: Do not open playlist files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Brandon Murphy ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/17217/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 28 10:30:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Apr 2011 19:30:46 +0200 Subject: [SEC] [SA44385] BackupPC "share" Cross-Site Scripting Vulnerability Message-ID: <201104281730.p3SHUkxb013815@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: BackupPC "share" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA44385 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44385/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44385 RELEASE DATE: 2011-04-28 DISCUSS ADVISORY: http://secunia.com/advisories/44385/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44385/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44385 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in BackupPC, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "share" parameter in index.cgi (when "action" is set to "RestoreFile" and "host" is set to a valid host) is not properly sanitised before being returned to the user in RestoreFile.pm. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 3.2.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA. ORIGINAL ADVISORY: HTB22965: http://www.htbridge.ch/advisory/multiple_xss_vulnerabilities_in_backuppc.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 28 11:30:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Apr 2011 20:30:36 +0200 Subject: [SEC] [SA44370] Drupal Save Draft Module Security Bypass Security Issue Message-ID: <201104281830.p3SIUaBL004281@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Drupal Save Draft Module Security Bypass Security Issue SECUNIA ADVISORY ID: SA44370 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44370/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44370 RELEASE DATE: 2011-04-28 DISCUSS ADVISORY: http://secunia.com/advisories/44370/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44370/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44370 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in the Save Draft module for Drupal, which can be exploited by malicious users to bypass certain security restrictions. The security issue is caused due to an error in validating form actions and can be exploited to save otherwise restricted content. The security issue is reported in versions prior to 6.x-1.8 and 7.x-1.4. SOLUTION: Update to a patched version. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits David Rothstein. ORIGINAL ADVISORY: SA-CONTRIB-2011-017: http://drupal.org/node/1140124 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 28 12:31:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Apr 2011 21:31:10 +0200 Subject: [SEC] [SA44379] WordPress Daily Maui Photo Widget Plugin Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201104281931.p3SJVAen027223@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: WordPress Daily Maui Photo Widget Plugin Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA44379 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44379/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44379 RELEASE DATE: 2011-04-28 DISCUSS ADVISORY: http://secunia.com/advisories/44379/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44379/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44379 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in the Daily Maui Photo Widget plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed via the "title" parameter to wp-content/plugins/daily-maui-photo-widget/wp-dailymaui-widget-control.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "selected_small", "selected_medium", "selected_thumb", "selected_date", and "selected_full" parameters to wp-content/plugins/daily-maui-photo-widget/wp-dailymaui-widget-control.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation requires that "register_globals" is enabled. The vulnerabilities are confirmed in version 0.2. Prior versions may also be affected. SOLUTION: Update to version 0.3. PROVIDED AND/OR DISCOVERED BY: 1) High-Tech Bridge SA 2) Reported by the vendor ORIGINAL ADVISORY: Daily Maui Photo Widget: http://wordpress.org/extend/plugins/daily-maui-photo-widget/changelog/ HTB22960: http://www.htbridge.ch/advisory/xss_in_daily_maui_photo_widget_wordpress_plugin.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 28 13:30:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Apr 2011 22:30:56 +0200 Subject: [SEC] [SA44259] BackupPC "num" Cross-Site Scripting Vulnerability Message-ID: <201104282030.p3SKUuKC017725@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: BackupPC "num" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA44259 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44259/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44259 RELEASE DATE: 2011-04-28 DISCUSS ADVISORY: http://secunia.com/advisories/44259/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44259/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44259 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in BackupPC, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "num" parameter in index.cgi (when "action" is set to "browse" and "host" is set to a valid host) is not properly sanitised before being returned to the user in Browse.pm. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 3.2.0. Prior versions may also be affected. SOLUTION: Update to version 3.2.1. PROVIDED AND/OR DISCOVERED BY: Reported to the vendor by Adam E. ORIGINAL ADVISORY: BackupPC Sourceforge Mail Archive: http://sourceforge.net/mailarchive/message.php?msg_id=26919997 BackupPC Sourceforge Revision: http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/ChangeLog?revision=1.60&view=markup OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 28 14:25:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Apr 2011 23:25:27 +0200 Subject: [SEC] [SA44351] WordPress WP Photo Album Plugin "id" Cross-Site Scripting Vulnerability Message-ID: <201104282125.p3SLPRaY007971@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: WordPress WP Photo Album Plugin "id" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA44351 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44351/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44351 RELEASE DATE: 2011-04-28 DISCUSS ADVISORY: http://secunia.com/advisories/44351/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44351/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44351 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in the WP Photo Album plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "id" parameter to wp-admin/admin.php (when "page" is set to "wp-photo-album/wppa.php" and "tab" is set to "del") is not properly sanitised in wp-content/plugins/wp-photo-album/wppa.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.5.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22961: http://www.htbridge.ch/advisory/xss_in_wp_photo_album_wordpress_plugin.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 28 14:46:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Apr 2011 23:46:49 +0200 Subject: [SEC] [SA44331] Cisco Unified Communications Manager Multiple Vulnerabilities Message-ID: <201104282146.p3SLknoA029124@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Cisco Unified Communications Manager Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44331 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44331/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44331 RELEASE DATE: 2011-04-28 DISCUSS ADVISORY: http://secunia.com/advisories/44331/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44331/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44331 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Cisco Unified Communications Manager, which can be exploited by malicious users to conduct SQL injection attacks and compromise a vulnerable system and by malicious people to conduct SQL injection attacks and cause a DoS (Denial of Service). 1) A memory leak when processing SIP packets can be exploited to cause a critical process to fail and disrupt voice services via specially crafted SIP messages. 2) An unspecified error when processing SIP packets can be exploited to cause a critical process to fail and disrupt voice services via specially crafted SIP messages. 3) Another unspecified error when processing SIP packets can be exploited to cause a critical process to fail and disrupt voice services via specially crafted SIP messages. 4) An error in Cisco Unified Reporting when uploading files can be exploited to upload malicious files to an arbitrary location via directory traversal sequences in the filename. 5) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited by authenticated users to manipulate SQL queries by injecting arbitrary SQL code. 6) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Please see the vendor's advisory for details on affected versions. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1 - 4) Reported by the vendor. 5, 6) The vendor credits Timothy Morgan, vSecurity and Sven Taute via ZDI and Alberto Revelli, Cigital. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110427-cucm.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 28 15:10:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Apr 2011 00:10:58 +0200 Subject: [SEC] [SA44373] phpGraphy Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities Message-ID: <201104282210.p3SMAwiu018020@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: phpGraphy Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities SECUNIA ADVISORY ID: SA44373 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44373/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44373 RELEASE DATE: 2011-04-28 DISCUSS ADVISORY: http://secunia.com/advisories/44373/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44373/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44373 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered two vulnerabilities in phpGraphy, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) Input passed to the "theme_dir" parameter in themes/default/header.inc.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation of this vulnerability requires that "register_globals" is enabled. 2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. create an arbitrary user with administrative privileges if a logged-in administrative user visits a malicious web site. The vulnerabilities are confirmed in version 0.9.13b. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Do not browse untrusted sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22958: http://www.htbridge.ch/advisory/xss_in_phpgraphy.html HTB22959: http://www.htbridge.ch/advisory/csrf_cross_site_request_forgery_in_phpgraphy.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 28 15:45:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Apr 2011 00:45:53 +0200 Subject: [SEC] [SA44378] FFmpeg Two Vulnerabilities Message-ID: <201104282245.p3SMjrVs007392@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: FFmpeg Two Vulnerabilities SECUNIA ADVISORY ID: SA44378 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44378/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44378 RELEASE DATE: 2011-04-29 DISCUSS ADVISORY: http://secunia.com/advisories/44378/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44378/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44378 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. 1) An error within the Sunplus JPEG decoder can be exploited by e.g. tricking a user into opening a specially crafted AMV file. 2) A race condition error exists within the "av_log_default_callback()" function in libavutil/log.c. SOLUTION: Update to version 0.6.3. PROVIDED AND/OR DISCOVERED BY: 1) Dominic Chell, NGS Secure 2) Reported by the vendor. ORIGINAL ADVISORY: NGS Secure: http://archives.neohapsis.com/archives/bugtraq/2011-04/0258.html ffmpeg: http://ffmpeg.org/releases/ffmpeg-0.6.3.changelog http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=89f903b3d5ec38c9c5d90fba7e626fa0eda61a32 http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=36f3244ec86f27950ef3ca6ac238442c49eaaa75 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 28 16:12:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Apr 2011 01:12:17 +0200 Subject: [SEC] [SA44384] Cisco Wireless LAN Controllers ICMP Handling Denial of Service Vulnerability Message-ID: <201104282312.p3SNCHu3028785@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Cisco Wireless LAN Controllers ICMP Handling Denial of Service Vulnerability SECUNIA ADVISORY ID: SA44384 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44384/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44384 RELEASE DATE: 2011-04-29 DISCUSS ADVISORY: http://secunia.com/advisories/44384/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44384/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44384 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco Wireless LAN Controllers, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error when handling ICMP traffic and can be exploited to cause a device to reload via specially crafted ICMP packets. The vulnerability is reported in the following products: * Cisco 2100 Series Wireless LAN Controllers * Cisco WLC526 Mobility Express Controller (AIR-WLC526-K9) * Cisco NME-AIR-WLC Modules for Integrated Services Routers (ISRs) * Cisco NM-AIR-WLC Modules for Integrated Services Routers (ISRs) SOLUTION: Update to a fixed version (Please see vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110427-wlc.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 28 16:46:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Apr 2011 01:46:49 +0200 Subject: [SEC] [SA44366] Blue Coat BCAAA Buffer Overflow Vulnerability Message-ID: <201104282346.p3SNknw1018138@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Blue Coat BCAAA Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA44366 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44366/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44366 RELEASE DATE: 2011-04-29 DISCUSS ADVISORY: http://secunia.com/advisories/44366/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44366/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44366 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Blue Coat BCAAA, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the Blue Coat Authentication and Authorization Agent (BCAAA) when processing certain packets. This can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 16102. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in all versions of BCAA associated with ProxySG releases prior to April 21, 2011 or with a build number prior to 60258. SOLUTION: Currently only a fix for BCAA associated with ProxySG 5.5 is available in version 5.5.5.1. Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: The vendor credits Paul Harrington, NGS Secure. ORIGINAL ADVISORY: Blue Coat: https://kb.bluecoat.com/index?page=content&id=SA55 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 28 17:14:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Apr 2011 02:14:18 +0200 Subject: [SEC] [SA44344] MAGIX Music Maker File Processing Buffer Overflow Vulnerability Message-ID: <201104290014.p3T0EIcA007172@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: MAGIX Music Maker File Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA44344 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44344/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44344 RELEASE DATE: 2011-04-29 DISCUSS ADVISORY: http://secunia.com/advisories/44344/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44344/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44344 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Acidgen has reported a vulnerability in MAGIX Music Maker, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing unspecified file types and can be exploited to cause a stack-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 16.0.2.4. Other versions may also be affected. SOLUTION: Upgrade to version 17. PROVIDED AND/OR DISCOVERED BY: Acidgen ORIGINAL ADVISORY: http://www.corelan.be/advisories.php?id=CORELAN-11-002 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 28 17:46:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Apr 2011 02:46:27 +0200 Subject: [SEC] [SA44376] SUSE update for kernel Message-ID: <201104290046.p3T0kRVR028812@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: SUSE update for kernel SECUNIA ADVISORY ID: SA44376 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44376/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44376 RELEASE DATE: 2011-04-29 DISCUSS ADVISORY: http://secunia.com/advisories/44376/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44376/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44376 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially gain escalated privileges, by malicious people with physical access to potentially compromise a vulnerable system and cause a DoS, and by malicious people to cause a DoS and potentially compromise a vulnerable system. For more information: SA39080 SA40205 SA42035 SA42061 SA42126 SA42148 SA42176 SA42365 SA42372 SA42570 SA42684 SA42765 SA43009 SA43056 SA43291 SA43358 SA43594 SA43806 SA43846 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0399-1: http://lists.opensuse.org/opensuse-updates/2011-04/msg00074.html SUSE-SA:2011:020: http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00007.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 28 18:11:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Apr 2011 03:11:29 +0200 Subject: [SEC] [SA44369] Drupal Node Reference URL Widget Module Script Insertion Vulnerability Message-ID: <201104290111.p3T1BTT5017757@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Drupal Node Reference URL Widget Module Script Insertion Vulnerability SECUNIA ADVISORY ID: SA44369 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44369/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44369 RELEASE DATE: 2011-04-29 DISCUSS ADVISORY: http://secunia.com/advisories/44369/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44369/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44369 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Node Reference URL Widget module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Certain input related to node titles is not properly sanitised before being displayed as a reference node. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerability is reported in versions prior to 6.x-1.10 and 7.x-1.10. SOLUTION: Update to version 6.x-1.10 or 7.x-1.10. PROVIDED AND/OR DISCOVERED BY: The vendor credits Ralf Stamm. ORIGINAL ADVISORY: SA-CONTRIB-2011-018: http://drupal.org/node/1140332 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 28 18:46:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Apr 2011 03:46:44 +0200 Subject: [SEC] [SA44343] Ubuntu update for rsync Message-ID: <201104290146.p3T1ki6n007150@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Ubuntu update for rsync SECUNIA ADVISORY ID: SA44343 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44343/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44343 RELEASE DATE: 2011-04-29 DISCUSS ADVISORY: http://secunia.com/advisories/44343/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44343/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44343 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for rsync. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system. For more information: SA44071 SOLUTION: Apply updated packages via Launchpad. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1124-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-April/001315.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 28 19:19:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Apr 2011 04:19:10 +0200 Subject: [SEC] [SA44375] Google Chrome Multiple Vulnerabilities Message-ID: <201104290219.p3T2JAg1029274@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44375 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44375/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44375 RELEASE DATE: 2011-04-29 DISCUSS ADVISORY: http://secunia.com/advisories/44375/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44375/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44375 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct spoofing attacks, and potentially compromise a user's system. 1) An unspecified error related to a stale pointer exists within the handling of floating objects. 2) A linked-list race condition exists within the database handling. Note: This vulnerability only affects the Linux and Mac versions. 3) The MIME handling does not properly ensure thread safety. 4) An extension with "tabs" permission can gain access to local files. 5) An integer overflow error exists within the float rendering. 6) An error related to blobs can be exploited to violate the same origin policy. 7) An unspecified error can be exploited to cause an interference between renderer processes. Note: This vulnerability only affects the Linux version. 8) A use-after-free error exists within the handling of "" tags and CSS. 9) A casting error exists within then handling of floating select lists. 10) An error related to mutation events can be exploited to corrupt node trees. 11) An unspecified error related to stale pointers exists in the layering code. 12) A race condition error exists within the sandbox launcher. Note: This vulnerability only affects the Linux version. 13) Interrupted loads and navigation errors can be leveraged to spoof the URL bar. 14) An unspecified error related to a stale pointer exists within the handling of drop-down lists. 15) An unspecified error related to a stale pointer exists within the height calculations. 16) A use-after-free error exists within the handling of WebSockets. 17) An error related to dangling pointers exists within the handling of file dialogs. 18) An error related to dangling pointers exists within the handling of DOM id maps. 19) Redirects and manual reloads can be exploited to spoof the URL bar. 20) A use-after-free error exists within the handling of DOM ids. 21) An error related to stale pointers exists within the handling of PDF forms. SOLUTION: Upgrade to version 11.0.696.57. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Chromium Development Community (Scott Hess) and Martin Barbella 2) Chromium Development Community (Kostya Serebryany) 3) Aki Helin 4) Cole Snodgrass 5, 14) miaubiz 6, 13, 17) kuzzcc 7) Google Security Team (Julien Tinnes) 8) Jose A. Vazquez 9) Michael Griffiths 10) Sergey Glazunov and wushi, team 509. 11) Martin Barbella 12) Dan Rosenberg 15) wushi, team 509 16) Marek Majkowski 18, 20) Sergey Glazunov 19) Jordi Chancel 21) Chromium Development Community (Eric Roman) ORIGINAL ADVISORY: Google Chrome: http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-139/ http://www.zerodayinitiative.com/advisories/ZDI-11-140/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 28 19:46:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Apr 2011 04:46:28 +0200 Subject: [SEC] [SA44198] Ubuntu update for pcsc-lite Message-ID: <201104290246.p3T2kSW0018303@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Ubuntu update for pcsc-lite SECUNIA ADVISORY ID: SA44198 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44198/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44198 RELEASE DATE: 2011-04-29 DISCUSS ADVISORY: http://secunia.com/advisories/44198/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44198/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44198 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for pcsc-lite. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA42659 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1125-1: http://www.ubuntu.com/usn/usn-1125-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Apr 28 20:11:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Apr 2011 05:11:26 +0200 Subject: [SEC] [SA43116] InduSoft ISSymbol ActiveX Control Multiple Buffer Overflow Vulnerabilities Message-ID: <201104290311.p3T3BQSJ007231@CRON-IX-2.intnet> ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: InduSoft ISSymbol ActiveX Control Multiple Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA43116 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43116/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43116 RELEASE DATE: 2011-04-29 DISCUSS ADVISORY: http://secunia.com/advisories/43116/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43116/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43116 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered multiple vulnerabilities in InduSoft ISSymbol ActiveX control, which can be exploited by malicious people to compromise a user's system. For more information: SA42928 The vulnerabilities are confirmed in ISSymbol.ocx (build 301.1009.2904.0) included in the following products: * InduSoft Thin Client version 7.0. * InduSoft Web Studio version 7.0B2. SOLUTION: Install hotfix 7.0.01.04. PROVIDED AND/OR DISCOVERED BY: Dmitriy Pletnev, Secunia Research. ORIGINAL ADVISORY: InduSoft: http://www.indusoft.com/hotfixes/hotfixes.php Secunia Research: http://secunia.com/secunia_research/2011-36/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 29 10:31:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Apr 2011 19:31:50 +0200 Subject: [SEC] [SA44364] udisks Kernel Module Loading Weakness Message-ID: <201104291731.p3THVoq5001274@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: udisks Kernel Module Loading Weakness SECUNIA ADVISORY ID: SA44364 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44364/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44364 RELEASE DATE: 2011-04-29 DISCUSS ADVISORY: http://secunia.com/advisories/44364/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44364/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44364 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in udisks, which can be exploited by malicious, local users to bypass certain security restrictions. The weakness is caused due to udisks not properly verifying certain input before using it as a parameter to the "mount" command, which can be exploited to load arbitrary kernel modules. The weakness is reported in version 1.0.2. Other versions may also be affected. SOLUTION: Fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Sebastian Krahmer, SUSE ORIGINAL ADVISORY: freedesktop Bug #32232: https://bugs.freedesktop.org/show_bug.cgi?id=32232 GIT commit: http://cgit.freedesktop.org/udisks/commit/?id=c933a929f07421ec747cebb24d5e620fc2b97037 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 29 11:31:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Apr 2011 20:31:49 +0200 Subject: [SEC] [SA43474] Data Dynamics ActiveBar ActiveX Control "SetLayoutData()" Vulnerability Message-ID: <201104291831.p3TIVnDH024228@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Data Dynamics ActiveBar ActiveX Control "SetLayoutData()" Vulnerability SECUNIA ADVISORY ID: SA43474 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43474/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43474 RELEASE DATE: 2011-04-29 DISCUSS ADVISORY: http://secunia.com/advisories/43474/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43474/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43474 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Parvez Anwar has discovered a vulnerability in Data Dynamics ActiveBar ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when handling the "SetLayoutData()" method and can be exploited to perform a virtual function call into an arbitrary memory location via a specially crafted "Data" argument. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 1.0.6.5. Other versions may also be affected. SOLUTION: The product has been discontinued. Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: Parvez Anwar via Secunia OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 29 12:31:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Apr 2011 21:31:59 +0200 Subject: [SEC] [SA44396] eyeOS Uploaded Images Script Insertion Vulnerability Message-ID: <201104291931.p3TJVxn1014727@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: eyeOS Uploaded Images Script Insertion Vulnerability SECUNIA ADVISORY ID: SA44396 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44396/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44396 RELEASE DATE: 2011-04-29 DISCUSS ADVISORY: http://secunia.com/advisories/44396/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44396/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44396 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Alberto Ortega has discovered a vulnerability in eyeOS, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the uploaded image content is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will execute in a user's browser session in context of an affected site when the malicious image is being viewed. The vulnerability is confirmed in version 1.9.0.2. Prior versions may also be affected. SOLUTION: Update to version 1.9.0.3. PROVIDED AND/OR DISCOVERED BY: Alberto Ortega ORIGINAL ADVISORY: eyeOS: http://forums.eyeos.org/index.php/topic,6505.0.html Alberto Ortega: http://www.securitybydefault.com/2011/04/vulnerabilidad-en-eyeos-1x.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 29 13:32:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Apr 2011 22:32:30 +0200 Subject: [SEC] [SA44365] Red Hat update for thunderbird Message-ID: <201104292032.p3TKWUM3005224@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for thunderbird SECUNIA ADVISORY ID: SA44365 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44365/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44365 RELEASE DATE: 2011-04-29 DISCUSS ADVISORY: http://secunia.com/advisories/44365/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44365/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44365 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information and compromise a user's system. For more information: SA44357 SA44407 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0475-1: http://rhn.redhat.com/errata/RHSA-2011-0475.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 29 14:25:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Apr 2011 23:25:54 +0200 Subject: [SEC] [SA44386] Red Hat update for seamonkey Message-ID: <201104292125.p3TLPseP027824@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for seamonkey SECUNIA ADVISORY ID: SA44386 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44386/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44386 RELEASE DATE: 2011-04-29 DISCUSS ADVISORY: http://secunia.com/advisories/44386/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44386/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44386 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for seamonkey. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA44357 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0473-01: https://rhn.redhat.com/errata/RHSA-2011-0473.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 29 14:46:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Apr 2011 23:46:54 +0200 Subject: [SEC] [SA44390] Red Hat update for thunderbird Message-ID: <201104292146.p3TLksP0016583@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for thunderbird SECUNIA ADVISORY ID: SA44390 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44390/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44390 RELEASE DATE: 2011-04-29 DISCUSS ADVISORY: http://secunia.com/advisories/44390/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44390/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44390 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA44357 SA44407 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0474-1: http://rhn.redhat.com/errata/RHSA-2011-0474.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 29 15:11:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Apr 2011 00:11:58 +0200 Subject: [SEC] [SA44402] HP OpenView Storage Data Protector Unspecified Code Execution Vulnerabilities Message-ID: <201104292211.p3TMBwg8005503@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: HP OpenView Storage Data Protector Unspecified Code Execution Vulnerabilities SECUNIA ADVISORY ID: SA44402 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44402/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44402 RELEASE DATE: 2011-04-29 DISCUSS ADVISORY: http://secunia.com/advisories/44402/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44402/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44402 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in HP OpenView Storage Data Protector, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused due to unspecified errors. No further information is currently available. Successful exploitation may allow execution of arbitrary code. The vulnerabilities are reported in versions 6.00, 6.10, and 6.11 running on Windows. SOLUTION: Update to version A.06.20 or later and enable encrypted control communication services. PROVIDED AND/OR DISCOVERED BY: The vendor credits Aniway via ZDI. ORIGINAL ADVISORY: HPSBMA02668 SSRT100474: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 29 15:47:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Apr 2011 00:47:30 +0200 Subject: [SEC] [SA44349] Likewise Open / Enterprise lsassd Service Denial of Service Vulnerability Message-ID: <201104292247.p3TMlUjb027297@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Likewise Open / Enterprise lsassd Service Denial of Service Vulnerability SECUNIA ADVISORY ID: SA44349 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44349/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44349 RELEASE DATE: 2011-04-30 DISCUSS ADVISORY: http://secunia.com/advisories/44349/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44349/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44349 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Likewise Open and Likewise Enterprise, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an assertion error within the Likewise Security Authority (lsassd) service, which can be exploited to terminate the service via specially crafted input. The vulnerability is reported in the following products for Linux, OS X, Solaris, HP-UX, AIX, FreeBSD: * Likewise Open / Enterprise 5.3 (prior to build 7845) * Likewise Open 6.0 (prior to build 8325) * Likewise Enterprise 6.0 (prior to build 178) SOLUTION: Update to the latest version. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: LWSA-2011-001: http://www.likewise.com/community/index.php/forums/viewannounce/1104_27/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 29 16:12:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Apr 2011 01:12:14 +0200 Subject: [SEC] [SA43399] IBM Rational System Architect ActiveBar ActiveX Control Vulnerabilities Message-ID: <201104292312.p3TNCECa016214@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: IBM Rational System Architect ActiveBar ActiveX Control Vulnerabilities SECUNIA ADVISORY ID: SA43399 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43399/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43399 RELEASE DATE: 2011-04-30 DISCUSS ADVISORY: http://secunia.com/advisories/43399/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43399/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43399 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in IBM Rational System Architect, which can be exploited by malicious people to compromise a user's system. The application bundles vulnerable versions of the Data Dynamics ActiveBar ActiveX controls. For more information: SA26098 SA43474 The vulnerabilities are confirmed in version 11.4.0.1 bundling ActBar.ocx version 1.0.6.5 and ActBar2.ocx version 2.5.0.65. Please see the vendor's advisory for a list of other affected versions. SOLUTION: Update to a fixed version (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Parvez Anwar via Secunia ORIGINAL ADVISORY: IBM: https://www.ibm.com/support/docview.wss?uid=swg21497689 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 29 16:47:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Apr 2011 01:47:00 +0200 Subject: [SEC] [SA44362] SUSE update for udisks Message-ID: <201104292347.p3TNl0fn005565@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for udisks SECUNIA ADVISORY ID: SA44362 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44362/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44362 RELEASE DATE: 2011-04-30 DISCUSS ADVISORY: http://secunia.com/advisories/44362/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44362/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44362 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for udisks. This fixes a weakness, which can be exploited by malicious, local users to bypass certain security restrictions. For more information: SA44364 SOLUTION: Apply updated packages via zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0414-1: http://lists.opensuse.org/opensuse-updates/2011-04/msg00082.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 29 17:14:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Apr 2011 02:14:55 +0200 Subject: [SEC] [SA44391] VMware ESX Server / ESXi Multiple Vulnerabilities Message-ID: <201104300014.p3U0EtcA027021@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: VMware ESX Server / ESXi Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44391 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44391/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44391 RELEASE DATE: 2011-04-30 DISCUSS ADVISORY: http://secunia.com/advisories/44391/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44391/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44391 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: VMware has acknowledged multiple vulnerabilities in VMware ESX Server and ESXi, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges, malicious users and malicious people to conduct spoofing attacks and bypass certain security restrictions, and by malicious people to cause a DoS. For more information: SA37977 SA40965 SA42396 SA44349 1) An error related to the socket handling can be exploited to exhaust all available sockets, which can be exploited to stop the host from accepting additional connections. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Jimmy Scott, inet-solutions.be ORIGINAL ADVISORY: http://www.vmware.com/security/advisories/VMSA-2011-0007.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 29 17:47:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Apr 2011 02:47:10 +0200 Subject: [SEC] [SA44394] SUSE update for libtiff Message-ID: <201104300047.p3U0lAkp016270@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for libtiff SECUNIA ADVISORY ID: SA44394 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44394/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44394 RELEASE DATE: 2011-04-30 DISCUSS ADVISORY: http://secunia.com/advisories/44394/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44394/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44394 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for libtiff. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library. For more information: SA43593 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0405-1: http://lists.opensuse.org/opensuse-updates/2011-04/msg00078.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 29 18:11:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Apr 2011 03:11:51 +0200 Subject: [SEC] [SA44377] SUSE update for libtiff Message-ID: <201104300111.p3U1Bpeq005166@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for libtiff SECUNIA ADVISORY ID: SA44377 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44377/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44377 RELEASE DATE: 2011-04-30 DISCUSS ADVISORY: http://secunia.com/advisories/44377/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44377/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44377 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for libtiff. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library. For more information: SA43593 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0409-1: http://lists.opensuse.org/opensuse-updates/2011-04/msg00079.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 29 18:46:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Apr 2011 03:46:53 +0200 Subject: [SEC] [SA44381] SUSE update for polkit Message-ID: <201104300146.p3U1krfg026950@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for polkit SECUNIA ADVISORY ID: SA44381 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44381/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44381 RELEASE DATE: 2011-04-30 DISCUSS ADVISORY: http://secunia.com/advisories/44381/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44381/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44381 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for polkit. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA44266 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0412-1: http://lists.opensuse.org/opensuse-updates/2011-04/msg00080.html openSUSE-SU-2011:0413-1: http://lists.opensuse.org/opensuse-updates/2011-04/msg00081.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 29 19:31:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Apr 2011 04:31:19 +0200 Subject: [SEC] [SA44345] 7-Technologies Interactive Graphical SCADA System ODBC Server Buffer Overflow Message-ID: <201104300231.p3U2VJPm017189@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: 7-Technologies Interactive Graphical SCADA System ODBC Server Buffer Overflow SECUNIA ADVISORY ID: SA44345 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44345/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44345 RELEASE DATE: 2011-04-30 DISCUSS ADVISORY: http://secunia.com/advisories/44345/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44345/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44345 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Insomnia Security has reported a vulnerability in 7-Technologies Interactive Graphical SCADA System, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the ODBC server (Odbcixv9se.exe) when processing certain packets. This can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 20222. Successful exploitation may allow execution of arbitrary code. SOLUTION: Fixed in the latest version. Contact the vendor for more information. PROVIDED AND/OR DISCOVERED BY: James Burton, Insomnia Security ORIGINAL ADVISORY: Insomnia Security: http://www.insomniasec.com/advisories/ISVA-110427.1.htm OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 29 19:46:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Apr 2011 04:46:55 +0200 Subject: [SEC] [SA44368] Red Hat update for firefox Message-ID: <201104300246.p3U2ktQF005684@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for firefox SECUNIA ADVISORY ID: SA44368 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44368/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44368 RELEASE DATE: 2011-04-30 DISCUSS ADVISORY: http://secunia.com/advisories/44368/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44368/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44368 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for firefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information and compromise a user's system. For more information: SA44357 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0471-1 http://rhn.redhat.com/errata/RHSA-2011-0471.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 29 20:11:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Apr 2011 05:11:56 +0200 Subject: [SEC] [SA44407] Mozilla Thunderbird Multiple Vulnerabilities Message-ID: <201104300311.p3U3BuhC027017@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Mozilla Thunderbird Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44407 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44407/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44407 RELEASE DATE: 2011-04-30 DISCUSS ADVISORY: http://secunia.com/advisories/44407/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44407/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44407 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to disclose sensitive information and compromise a user's system. For more information: SA44357 SOLUTION: Update to version 3.1.10. ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2011/mfsa2011-12.html http://www.mozilla.org/security/announce/2011/mfsa2011-16.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 29 20:47:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Apr 2011 05:47:49 +0200 Subject: [SEC] [SA44357] Mozilla Firefox / SeaMonkey Multiple Vulnerabilities Message-ID: <201104300347.p3U3ln2q016425@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Mozilla Firefox / SeaMonkey Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44357 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44357/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44357 RELEASE DATE: 2011-04-30 DISCUSS ADVISORY: http://secunia.com/advisories/44357/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44357/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44357 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Mozilla Firefox and Mozilla SeaMonkey, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to disclose sensitive information and compromise a user's system. 1) Multiple errors in the browser engine can be exploited to corrupt memory and potentially execute arbitrary code. 2) Multiple use-after-free errors within the handling of the "mChannel", "mObserverList", and "nsTreeRange" object attributes can be exploited to execute arbitrary code. 3) An error when handling Java applets can be exploited to steal entries from the form history via the autocomplete controls. 4) An error within the Java Embedding Plugin (JEP) can be exploited to gain escalated privileges. This vulnerability only affects the Mac OS X versions. 5) An error in the implementation of the "resource:" protocol can be exploited to perform directory traversal attacks and disclose sensitive information. This vulnerability only affects the Windows versions. NOTE: A weakness in libxslt, which could lead to disclosure of heap addresses has also been reported. SOLUTION: Update to Mozilla Firefox version 3.5.19 or 3.6.17 and Mozilla SeaMonkey version 2.0.14. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Scoobidiver, Alcidion, Ian Beer, Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman, Aki Helin, and Martin Barbella. 2) regenrecht via ZDI. 3) Paul Stone. 4) David Remahl, Apple Product Security. 5) Soroush Dalili ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2011/mfsa2011-12.html http://www.mozilla.org/security/announce/2011/mfsa2011-13.html http://www.mozilla.org/security/announce/2011/mfsa2011-14.html http://www.mozilla.org/security/announce/2011/mfsa2011-15.html http://www.mozilla.org/security/announce/2011/mfsa2011-16.html http://www.mozilla.org/security/announce/2011/mfsa2011-18.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 29 21:11:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Apr 2011 06:11:51 +0200 Subject: [SEC] [SA44403] SUSE update for samba Message-ID: <201104300411.p3U4Bp0Y005285@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for samba SECUNIA ADVISORY ID: SA44403 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44403/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44403 RELEASE DATE: 2011-04-30 DISCUSS ADVISORY: http://secunia.com/advisories/44403/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44403/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44403 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious users to cause a DoS and potentially compromise a vulnerable system. For more information: SA43512 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0403-1: http://lists.opensuse.org/opensuse-updates/2011-04/msg00076.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 29 21:46:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Apr 2011 06:46:34 +0200 Subject: [SEC] [SA44346] Up.Time Monitoring Station Authentication Bypass Vulnerability Message-ID: <201104300446.p3U4kY0p027045@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Up.Time Monitoring Station Authentication Bypass Vulnerability SECUNIA ADVISORY ID: SA44346 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44346/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44346 RELEASE DATE: 2011-04-30 DISCUSS ADVISORY: http://secunia.com/advisories/44346/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44346/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44346 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: James Burton has discovered a vulnerability in Up.Time Monitoring Station, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to the application not properly restricting access to initial password setting mechanism after the password has been set, which can be exploited to e.g. reset the administrator's password and email address by sending a specially crafted request to the application. The vulnerability is confirmed in version 5.4.0 for Windows. Other versions may also be affected. SOLUTION: Filter malicious requests using a proxy. PROVIDED AND/OR DISCOVERED BY: James Burton, Insomnia Security ORIGINAL ADVISORY: ISVA-110427.2: http://www.insomniasec.com/advisories/ISVA-110427.2.htm OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Apr 29 22:11:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Apr 2011 07:11:58 +0200 Subject: [SEC] [SA44406] Mozilla Firefox Multiple Vulnerabilities Message-ID: <201104300511.p3U5Bwen016003@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Mozilla Firefox Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44406 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44406/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44406 RELEASE DATE: 2011-04-30 DISCUSS ADVISORY: http://secunia.com/advisories/44406/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44406/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44406 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system. 1) Multiple errors in the browser engine can be exploited to corrupt memory and potentially execute arbitrary code. 2) An error in the WebGLES library when loading a shader can be exploited to cause a buffer overflow and execute arbitrary code. 3) An off-by-three error in libGLESv2 can be exploited to corrupt memory and execute arbitrary code. NOTE: Additionally, a weakness exists within the "generate-id()" XPath function (libxslt), which can be exploited to disclose certain addresses from the heap. The vulnerabilities are reported in versions prior to 4.0.1. SOLUTION: Update to version 4.0.1. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, Nils, Scoobidiver, Ted Mielczarek, Alcidion, and Ian Beer. 2) Christoph Diehlm, Mozilla. 3) Yuri Ko. ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2011/mfsa2011-12.html http://www.mozilla.org/security/announce/2011/mfsa2011-17.html http://www.mozilla.org/security/announce/2011/mfsa2011-18.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ----------------------------------------------------------------------