From sec-adv at secunia.com Tue Feb 1 10:29:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 1 Feb 2011 19:29:46 +0100 Subject: [SEC] [SA43111] Apache CouchDB Cross-Site Scripting Vulnerabilities Message-ID: <201102011829.p11ITkmY020672@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apache CouchDB Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA43111 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43111/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43111 RELEASE DATE: 2011-02-01 DISCUSS ADVISORY: http://secunia.com/advisories/43111/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43111/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43111 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in CouchDB, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in versions 0.8.0 to 1.0.1. SOLUTION: Update to version 1.0.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits an anonymous person. ORIGINAL ADVISORY: http://mail-archives.apache.org/mod_mbox/couchdb-dev/201101.mbox/%3CC840F655-C8C5-4EC6-8AA8-DD223E39C34A at apache.org%3E OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 1 11:29:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 1 Feb 2011 20:29:23 +0100 Subject: [SEC] [SA43133] Moodle "PHPCOVERAGE_HOME" Cross-Site Scripting Vulnerability Message-ID: <201102011929.p11JTNe2011138@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Moodle "PHPCOVERAGE_HOME" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43133 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43133/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43133 RELEASE DATE: 2011-02-01 DISCUSS ADVISORY: http://secunia.com/advisories/43133/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43133/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43133 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: AutoSec Tools has discovered a vulnerability in Moodle, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "PHPCOVERAGE_HOME" parameter to lib/spikephpcoverage/src/phpcoverage.remote.top.inc.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 2.0.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: AutoSec Tools: http://www.autosectools.com/Advisories/Moodle.2.0.1_Reflected.Cross-site.Scripting_93.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 1 12:29:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 1 Feb 2011 21:29:53 +0100 Subject: [SEC] [SA43126] Simple Web Content Management System Two Vulnerabilities Message-ID: <201102012029.p11KTrq0001566@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Simple Web Content Management System Two Vulnerabilities SECUNIA ADVISORY ID: SA43126 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43126/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43126 RELEASE DATE: 2011-02-01 DISCUSS ADVISORY: http://secunia.com/advisories/43126/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43126/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43126 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in Simple Web Content Management System, which can be exploited by malicious people to bypass certain security restrictions and conduct SQL injection attacks. 1) The application does not properly restrict access to admin/item_delete.php, which can be exploited to delete items from the database. 2) Input passed via the "id" parameter to admin/item_delete.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in the version downloaded on 2011-02-01. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Restrict access to admin/item_delete.php (e.g. via .htaccess). PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: AutoSec Tools: http://www.autosectools.com/Advisories/Simple.Web.Content.Management.System.1.21_Authentication.Bypass-SQL.Injection_97.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 1 13:29:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 1 Feb 2011 22:29:53 +0100 Subject: [SEC] [SA43143] Symantec IM Manager Administration Console "Eval()" ASP Code Injection Vulnerability Message-ID: <201102012129.p11LTrf2024493@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Symantec IM Manager Administration Console "Eval()" ASP Code Injection Vulnerability SECUNIA ADVISORY ID: SA43143 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43143/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43143 RELEASE DATE: 2011-02-01 DISCUSS ADVISORY: http://secunia.com/advisories/43143/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43143/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43143 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Symantec IM Manager, which can be exploited by malicious people to compromise a vulnerable system. Certain input passed to the "ScheduleTask()" function in IMAdminSchedTask.asp is not properly sanitised before being used in an "Eval()" call. This can be exploited to execute arbitrary ASP code by tricking a logged-in administrator into following a malicious link. The vulnerability is reported in versions 8.4.16 and prior. SOLUTION: Update to version 8.4.17. PROVIDED AND/OR DISCOVERED BY: Andrea Micalizzi aka rgod via ZDI. ORIGINAL ADVISORY: Symantec: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110131_00 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-037/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 1 14:24:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 1 Feb 2011 23:24:28 +0100 Subject: [SEC] [SA43145] HP OpenView Performance Insight Hidden Default Account Message-ID: <201102012224.p11MOSag014734@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP OpenView Performance Insight Hidden Default Account SECUNIA ADVISORY ID: SA43145 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43145/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43145 RELEASE DATE: 2011-02-01 DISCUSS ADVISORY: http://secunia.com/advisories/43145/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43145/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43145 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in HP OpenView Performance Insight, which can be exploited by malicious people to compromise a vulnerable system. The security issue is caused due to the "com.trinagy.security.XMLUserManager" Java class containing a hidden account. This can be exploited to upload arbitrary files via the "doPost()" method of the "com.trinagy.servlet.HelpManagerServlet" class. Successful exploitation may allow execution of arbitrary code. The security issue is reported in versions 5.2, 5.3, 5.31, 5.4, and 5.41 running on HP-UX, Linux, Solaris, and Windows. SOLUTION: Apply hotfix. Contact the vendor for further information. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Stephen Fewer, Harmony Security via ZDI. ORIGINAL ADVISORY: HPSBMA02627 SSRT090246: https://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02695453 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-034/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 1 14:44:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 1 Feb 2011 23:44:58 +0100 Subject: [SEC] [SA43132] WordPress TagNinja Plugin "id" Cross-Site Scripting Vulnerability Message-ID: <201102012244.p11Miw0I003414@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WordPress TagNinja Plugin "id" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43132 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43132/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43132 RELEASE DATE: 2011-02-01 DISCUSS ADVISORY: http://secunia.com/advisories/43132/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43132/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43132 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: AutoSec Tools has discovered a vulnerability in the TagNinja plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "id" parameter to wp-content/plugins/tagninja/fb_get_profile.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: AutoSec Tools: http://www.autosectools.com/advisories/WordPress.TagNinja.1.0_Reflected.Cross-site.Scripting_94.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 1 15:10:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Feb 2011 00:10:06 +0100 Subject: [SEC] [SA43149] Fedora update for perl-CGI Message-ID: <201102012310.p11NA62Y024725@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for perl-CGI SECUNIA ADVISORY ID: SA43149 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43149/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43149 RELEASE DATE: 2011-02-01 DISCUSS ADVISORY: http://secunia.com/advisories/43149/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43149/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43149 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for perl-CGI. This fixes a vulnerability, which can be exploited by malicious people to conduct HTTP response splitting attacks in an application using the library. For more information: SA42461 SOLUTION: Apply updated packages via the yum utility ("yum update perl-CGI"). ORIGINAL ADVISORY: FEDORA-2011-0654: http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053601.html FEDORA-2011-0640: http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053628.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 1 16:16:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Feb 2011 01:16:18 +0100 Subject: [SEC] [SA43137] Joomla! Frontend-User-Access "controller" Local File Inclusion Vulnerability Message-ID: <201102020016.p120GIii009968@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Joomla! Frontend-User-Access "controller" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA43137 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43137/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43137 RELEASE DATE: 2011-02-02 DISCUSS ADVISORY: http://secunia.com/advisories/43137/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43137/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43137 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Frontend-User-Access component for Joomla!, which can be exploited by malicious people to disclose potentially sensitive information. Input passed via the "controller" parameter to index.php (when "option" is set to "com_frontenduseraccess") is not properly verified before being used. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. The vulnerability is confirmed in version 3.4.1 (free version). Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: wishnusakti + inc0mp13te OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 1 16:16:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Feb 2011 01:16:06 +0100 Subject: [SEC] [SA43150] VirtueMart "search_category" SQL Injection Vulnerability Message-ID: <201102020016.p120G6jB009697@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: VirtueMart "search_category" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43150 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43150/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43150 RELEASE DATE: 2011-02-02 DISCUSS ADVISORY: http://secunia.com/advisories/43150/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43150/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43150 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Andrea Fabrizi has discovered a vulnerability in VirtueMart, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "search_category" parameter to index.php (when "option" is set to "com_virtuemart" and "page" is set to "shop.browse") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.1.6. Other versions may also be affected. SOLUTION: Apply patch. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Andrea Fabrizi ORIGINAL ADVISORY: VirtueMart: http://dev.virtuemart.com/projects/virtuemart/activity Andrea Fabrizi: http://www.andreafabrizi.it/?exploits:virtuemart OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 1 16:16:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Feb 2011 01:16:20 +0100 Subject: [SEC] [SA43144] PostgreSQL "intarray" Module "gettoken()" Buffer Overflow Vulnerability Message-ID: <201102020016.p120GKFT010004@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: PostgreSQL "intarray" Module "gettoken()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA43144 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43144/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43144 RELEASE DATE: 2011-02-02 DISCUSS ADVISORY: http://secunia.com/advisories/43144/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43144/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43144 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in PostgreSQL, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "gettoken()" function in contrib/intarray/_int_bool.c of the "intarray" module, which can be exploited to cause a stack-based buffer overflow by e.g. calling certain functions offered by the module with specially crafted parameters. Successful exploitation may allow execution of arbitrary code, but requires use of the "intarray" module. The vulnerability is reported in all versions prior to versions 8.2.20, 8.3.14, 8.4.7, and 9.0.3. SOLUTION: Update to versions 8.2.20, 8.3.14, 8.4.7, and 9.0.3. PROVIDED AND/OR DISCOVERED BY: The vendor credits the security team of Apple. ORIGINAL ADVISORY: PostgreSQL: http://www.postgresql.org/about/news.1289 http://www.postgresql.org/support/security http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=7ccb6dc2d3e266a551827bb99179708580f72431 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 1 16:16:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Feb 2011 01:16:10 +0100 Subject: [SEC] [SA42390] LightNEasy Mini Cross-Site Scripting and Script Insertion Vulnerabilities Message-ID: <201102020016.p120GAWV009755@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: LightNEasy Mini Cross-Site Scripting and Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA42390 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42390/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42390 RELEASE DATE: 2011-02-02 DISCUSS ADVISORY: http://secunia.com/advisories/42390/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42390/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42390 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Russ McRee has discovered some vulnerabilities in LightNEasy Mini, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks. 1) Input passed via the "page" parameter to LightNEasy.php is not properly sanitised before being returned to the user, if it contains a URL-encoded NULL byte. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 2) Input passed via "commentmessage" parameter to LightNEasy.php (when "page" is set to "news") is not properly sanitised before being displayed to the user. This can be exploited to execute arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerabilities are confirmed in version 2.4.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Russ McRee via Secunia OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 1 16:47:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Feb 2011 01:47:39 +0100 Subject: [SEC] [SA43136] AOL Rich File Processing Buffer Overflow Vulnerability Message-ID: <201102020047.p120ldmT000428@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: AOL Rich File Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA43136 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43136/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43136 RELEASE DATE: 2011-02-02 DISCUSS ADVISORY: http://secunia.com/advisories/43136/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43136/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43136 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in AOL, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when processing Rich Files (".rtx") and can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation allows execution of arbitrary code, but requires tricking a user into opening a malicious ".rtx" file. The vulnerability is confirmed in version 9.6 (Revision 4340.130). Other versions may also be affected. SOLUTION: Do not open Rich File (".rtx") files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: sup3r OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 1 17:14:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Feb 2011 02:14:14 +0100 Subject: [SEC] [SA43156] Redaxscript Two SQL Injection Vulnerabilities Message-ID: <201102020114.p121EEBr021869@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Redaxscript Two SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA43156 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43156/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43156 RELEASE DATE: 2011-02-02 DISCUSS ADVISORY: http://secunia.com/advisories/43156/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43156/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43156 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Redaxscript, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the "id" and "password" POST parameters when performing a password reset request is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in version 0.3.2. Prior versions may also be affected. SOLUTION: Update to version 0.3.2a. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: High-Tech Bridge (HTB22804): http://www.htbridge.ch/advisory/sql_injection_in_redaxscript.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 2 10:30:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Feb 2011 19:30:19 +0100 Subject: [SEC] [SA43173] Blue Coat ProxySG OpenSSL Ciphersuite Downgrade Vulnerability Message-ID: <201102021830.p12IUJl4024397@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Blue Coat ProxySG OpenSSL Ciphersuite Downgrade Vulnerability SECUNIA ADVISORY ID: SA43173 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43173/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43173 RELEASE DATE: 2011-02-02 DISCUSS ADVISORY: http://secunia.com/advisories/43173/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43173/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43173 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Blue Coat has acknowledged a vulnerability in Blue Coat ProxySG, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA42473 The vulnerability is reported in versions 4.3, 5.3, 5.4, 5.5, and 6.1. SOLUTION: Update to version 5.4.6.1 and 6.1.2.1. Fixes for versions 4.3, 5.3, and 5.5 are not yet available. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: https://kb.bluecoat.com/index?page=content&id=SA53 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 2 11:29:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Feb 2011 20:29:41 +0100 Subject: [SEC] [SA43172] Blue Coat ProxyOne OpenSSL Ciphersuite Downgrade Vulnerability Message-ID: <201102021929.p12JTfMn014835@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Blue Coat ProxyOne OpenSSL Ciphersuite Downgrade Vulnerability SECUNIA ADVISORY ID: SA43172 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43172/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43172 RELEASE DATE: 2011-02-02 DISCUSS ADVISORY: http://secunia.com/advisories/43172/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43172/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43172 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Blue Coat has acknowledged a vulnerability in Blue Coat ProxyOne, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA42473 The vulnerability is reported in all versions of ProxyOne. SOLUTION: Restrict access to the management interface to trusted hosts only (e.g. via network access control lists). ORIGINAL ADVISORY: https://kb.bluecoat.com/index?page=content&id=SA53 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 2 12:29:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Feb 2011 21:29:54 +0100 Subject: [SEC] [SA43121] TinyWebGallery "admin/index.php" Cross-Site Scripting Vulnerabilities Message-ID: <201102022029.p12KTsC0005306@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: TinyWebGallery "admin/index.php" Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA43121 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43121/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43121 RELEASE DATE: 2011-02-02 DISCUSS ADVISORY: http://secunia.com/advisories/43121/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43121/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43121 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in TinyWebGallery, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed to the "sview" parameter in admin/index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in an administrator's browser session in context of an affected site. Successful exploitation of this vulnerability may require that "magic_quotes_gpc" is disabled. 2) Input passed to the "tview", "dir", and "item" parameters in admin/index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in an administrator's browser session in context of an affected site. Successful exploitation of the "item" parameter requires that the "action" parameter is set to "chmod". The vulnerabilities are confirmed in version 1.8.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Yam Mesicka ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/16090/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 2 13:29:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Feb 2011 22:29:48 +0100 Subject: [SEC] [SA43168] Aruba Mobility Controller Denial of Service and Authentication Bypass Vulnerabilities Message-ID: <201102022129.p12LTmhI028182@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Aruba Mobility Controller Denial of Service and Authentication Bypass Vulnerabilities SECUNIA ADVISORY ID: SA43168 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43168/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43168 RELEASE DATE: 2011-02-02 DISCUSS ADVISORY: http://secunia.com/advisories/43168/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43168/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43168 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Aruba Mobility Controller, which can be exploited by malicious people to cause a DoS (Denial of Service) and bypass certain security restrictions. 1) An error when processing 802.11 packets can be exploited to cause a crash via a specially crafted wireless probe request frame. 2) An error in the EAP-TLS Dot1X termination component can be exploited to bypass authentication and gain access to a wireless network. Successful exploitation of this vulnerability requires EAP-TLS Dot1X termination to be configured for a WLAN (not a default configuration). Please see the vendor's advisory for a list of affected versions. SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.arubanetworks.com/support/alerts/aid-013111.asc OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 2 14:23:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Feb 2011 23:23:53 +0100 Subject: [SEC] [SA43169] Blue Coat CacheFlow OpenSSL Ciphersuite Downgrade Vulnerability Message-ID: <201102022223.p12MNrfc018383@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Blue Coat CacheFlow OpenSSL Ciphersuite Downgrade Vulnerability SECUNIA ADVISORY ID: SA43169 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43169/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43169 RELEASE DATE: 2011-02-02 DISCUSS ADVISORY: http://secunia.com/advisories/43169/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43169/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43169 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Blue Coat has acknowledged a vulnerability in Blue Coat CacheFlow, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA42473 The vulnerability is reported in versions prior to 2.1.4.7. SOLUTION: Update to version 2.1.4.7. ORIGINAL ADVISORY: https://kb.bluecoat.com/index?page=content&id=SA53 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 2 14:45:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Feb 2011 23:45:29 +0100 Subject: [SEC] [SA43122] Cisco WebEx Player Multiple Buffer Overflow Vulnerabilities Message-ID: <201102022245.p12MjTtf007129@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco WebEx Player Multiple Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA43122 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43122/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43122 RELEASE DATE: 2011-02-02 DISCUSS ADVISORY: http://secunia.com/advisories/43122/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43122/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43122 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Cisco WebEx Player, which can be exploited by malicious people to compromise a user's system. 1) An unspecified error when processing WebEx Recording Format (WRF) or Advanced Recording Format (ARF) files can be exploited to cause a buffer overflow via a specially crafted file. 2) An unspecified error when processing WebEx Recording Format (WRF) or Advanced Recording Format (ARF) files can be exploited to cause a buffer overflow via a specially crafted file. 3) An unspecified error when processing WebEx Recording Format (WRF) or Advanced Recording Format (ARF) files can be exploited to cause a buffer overflow via a specially crafted file. 4) An unspecified error when processing WebEx Recording Format (WRF) or Advanced Recording Format (ARF) files can be exploited to cause a buffer overflow via a specially crafted file. 5) A boundary error when processing a recording of a session in the WebEx player can be exploited to cause a stack-based buffer overflow via a specially crafted WebEx Recording Format (WRF) file. Successful exploitation of these vulnerabilities may allow execution of arbitrary code, but requires tricking a user into viewing the malicious file. 6) An error when participating in a poll in the WebEx Meeting Center can be exploited to cause a stack-based buffer overflow via a specially crafted ATP (".atp") file. Successful exploitation of this vulnerability may allow execution of arbitrary code, but requires tricking a user into participating in a poll. The vulnerabilities are reported in builds prior to T27LC SP22 and prior to T27LB SP21 EP3. SOLUTION: Update to build T27LC SP22 and T27LB SP21 EP3. PROVIDED AND/OR DISCOVERED BY: 5, 6) Federico Muttis, Sebastian Tello, and Manuel Muradas, Core Security Technologies. Remaining vulnerabilities reported by the vendor, TippingPoint, and Fortinet's FortiGuard Labs. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20110201-webex.shtml CORE-2010-1001: http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 2 15:10:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Feb 2011 00:10:52 +0100 Subject: [SEC] [SA43120] Terminal Server Client (tsclient) RDP File Processing Buffer Overflows Message-ID: <201102022310.p12NAqAC028454@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Terminal Server Client (tsclient) RDP File Processing Buffer Overflows SECUNIA ADVISORY ID: SA43120 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43120/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43120 RELEASE DATE: 2011-02-02 DISCUSS ADVISORY: http://secunia.com/advisories/43120/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43120/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43120 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in Terminal Server Client (tsclient), which can be exploited by malicious people to compromise a user's system. 1) A boundary error in the "tsc_launch_remote()" function (src/support.c) when processing a "hostname" parameter can be exploited to cause a stack-based buffer overflow via an overly long string (greater than 255 bytes). 2) A boundary error in the "tsc_launch_remote()" function (src/support.c) when processing a "username" parameter can be exploited to cause a stack-based buffer overflow via an overly long string (greater than 255 bytes). 3) A boundary error in the "tsc_launch_remote()" function (src/support.c) when processing a "password" parameter can be exploited to cause a stack-based buffer overflow via an overly long string (greater than 255 bytes). 4) A boundary error in the "tsc_launch_remote()" function (src/support.c) when processing a "domain" parameter can be exploited to cause a stack-based buffer overflow via an overly long string (greater than 255 bytes). Successful exploitation of these vulnerabilities may allow execution of arbitrary code, but requires tricking a user into opening a malicious RDP file. The vulnerabilities are confirmed in version 0.150. Other versions may also be affected. SOLUTION: Do not open RDP files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: D3V!L FUCKER Additional information provided by Secunia Research. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 2 15:46:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Feb 2011 00:46:59 +0100 Subject: [SEC] [SA43167] Fedora update for dhcp Message-ID: <201102022346.p12NkxiO017938@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for dhcp SECUNIA ADVISORY ID: SA43167 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43167/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43167 RELEASE DATE: 2011-02-03 DISCUSS ADVISORY: http://secunia.com/advisories/43167/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43167/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43167 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for dhcp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43006 SOLUTION: Apply updated packages via the yum utility ("yum update dhcp"). ORIGINAL ADVISORY: FEDORA-2011-0862: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053644.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 2 16:13:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Feb 2011 01:13:48 +0100 Subject: [SEC] [SA43124] Limny "admin/preview.php" Security Bypass Vulnerability Message-ID: <201102030013.p130DmYq006936@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Limny "admin/preview.php" Security Bypass Vulnerability SECUNIA ADVISORY ID: SA43124 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43124/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43124 RELEASE DATE: 2011-02-03 DISCUSS ADVISORY: http://secunia.com/advisories/43124/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43124/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43124 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: AutoSec Tools has discovered a vulnerability in Limny, which can be exploited by malicious people to bypass certain security restrictions. The application does not properly restrict access to the admin/preview.php script, which can be exploited to e.g. include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes. The vulnerability is confirmed in version 3.0.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that access is properly restricted. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: http://www.autosectools.com/Advisories/Limny.3.0.0_Local.File.Inclusion_99.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 2 16:48:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Feb 2011 01:48:05 +0100 Subject: [SEC] [SA43170] Blue Coat Director OpenSSL Ciphersuite Downgrade Vulnerability Message-ID: <201102030048.p130m5YT028651@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Blue Coat Director OpenSSL Ciphersuite Downgrade Vulnerability SECUNIA ADVISORY ID: SA43170 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43170/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43170 RELEASE DATE: 2011-02-03 DISCUSS ADVISORY: http://secunia.com/advisories/43170/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43170/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43170 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Blue Coat has acknowledged a vulnerability in Blue Coat Director, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA42473 The vulnerability is reported in versions 5.2, 5.3, 5.4, and 5.5. SOLUTION: For versions 5.2, 5.3, and 5.4 update to the latest version. Fixes for version 5.5 are not yet available. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: https://kb.bluecoat.com/index?page=content&id=SA53 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 2 17:14:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Feb 2011 02:14:45 +0100 Subject: [SEC] [SA43141] NetBSD update for BIND Message-ID: <201102030114.p131Ej43017623@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: NetBSD update for BIND SECUNIA ADVISORY ID: SA43141 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43141/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43141 RELEASE DATE: 2011-02-03 DISCUSS ADVISORY: http://secunia.com/advisories/43141/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43141/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43141 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: NetBSD has issued an update for BIND. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA42374 SOLUTION: Fixed in the CVS repository. See vendor advisory for details. ORIGINAL ADVISORY: NetBSD-SA2011-001: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-001.txt.asc OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 2 17:46:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Feb 2011 02:46:22 +0100 Subject: [SEC] [SA43153] EC-CUBE Unspecified Cross-Site Scripting Vulnerability Message-ID: <201102030146.p131kMCN006810@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: EC-CUBE Unspecified Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43153 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43153/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43153 RELEASE DATE: 2011-02-03 DISCUSS ADVISORY: http://secunia.com/advisories/43153/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43153/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43153 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in EC-CUBE, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised in data/Smarty/templates/default/list.tpl and data/Smarty/templates/default/campaign/bloc/cart_tag.tpl before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 2.4.4. SOLUTION: Update to version 2.4.4 or later. PROVIDED AND/OR DISCOVERED BY: JVN credits Takeshi Terada, Mitsui Bussan Secure Directions. ORIGINAL ADVISORY: LOCKON: http://www.ec-cube.net/info/weakness/weakness.php?id=36 JVN: http://jvn.jp/en/jp/JVN84393059/index.html http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000011.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 2 18:10:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Feb 2011 03:10:48 +0100 Subject: [SEC] [SA43171] Blue Coat ProxyAV OpenSSL Ciphersuite Downgrade Vulnerability Message-ID: <201102030210.p132Am4A028091@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Blue Coat ProxyAV OpenSSL Ciphersuite Downgrade Vulnerability SECUNIA ADVISORY ID: SA43171 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43171/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43171 RELEASE DATE: 2011-02-03 DISCUSS ADVISORY: http://secunia.com/advisories/43171/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43171/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43171 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Blue Coat has acknowledged a vulnerability in Blue Coat ProxyAV, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA42473 The vulnerability is reported in version 3.2. SOLUTION: Restrict access to trusted hosts only (e.g. via network access control lists). ORIGINAL ADVISORY: https://kb.bluecoat.com/index?page=content&id=SA53 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 2 18:45:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Feb 2011 03:45:41 +0100 Subject: [SEC] [SA43129] TCExam "user_password" Cross-Site Scripting Vulnerability Message-ID: <201102030245.p132jfAs017429@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: TCExam "user_password" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43129 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43129/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43129 RELEASE DATE: 2011-02-03 DISCUSS ADVISORY: http://secunia.com/advisories/43129/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43129/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43129 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in TCExam, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "user_password" parameter to public/code/tce_user_registration.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 11.1.016. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: AutoSec Tools: http://www.autosectools.com/Advisories/TCExam.11.1.016_Reflected.Cross-site.Scripting_96.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 2 19:12:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Feb 2011 04:12:58 +0100 Subject: [SEC] [SA43114] Zikula Application Framework Cross-Site Request Forgery Vulnerability Message-ID: <201102030312.p133CwAW006917@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Zikula Application Framework Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA43114 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43114/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43114 RELEASE DATE: 2011-02-03 DISCUSS ADVISORY: http://secunia.com/advisories/43114/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43114/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43114 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Zikula Application Framework, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without making proper validity checks to verify the requests. This can be exploited to e.g. change a user's account permissions by tricking an administrator into visiting a malicious web site while being logged-in to the application. The vulnerability is confirmed in version 1.2.4. Prior versions may also be affected. SOLUTION: Update to version 1.2.5. ORIGINAL ADVISORY: Zikula Application Framework: http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG YGN Ethical Hacker Group: http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0593.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 2 19:45:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Feb 2011 04:45:52 +0100 Subject: [SEC] [SA43110] Ubuntu update for linux and linux-ec2 Message-ID: <201102030345.p133jqHf028577@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux and linux-ec2 SECUNIA ADVISORY ID: SA43110 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43110/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43110 RELEASE DATE: 2011-02-03 DISCUSS ADVISORY: http://secunia.com/advisories/43110/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43110/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43110 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux and linux-ec2. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service). For more information: SA42148 SA42172 SA42354 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1054-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001239.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 2 20:11:16 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Feb 2011 05:11:16 +0100 Subject: [SEC] [SA43139] Ubuntu update for subversion Message-ID: <201102030411.p134BGba017487@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for subversion SECUNIA ADVISORY ID: SA43139 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43139/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43139 RELEASE DATE: 2011-02-03 DISCUSS ADVISORY: http://secunia.com/advisories/43139/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43139/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43139 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for subversion. This fixes a security issue and two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service). For more information: SA41652 SA42780 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1053-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001237.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 2 20:45:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Feb 2011 05:45:28 +0100 Subject: [SEC] [SA43160] TIBCO Rendezvous Unspecified Privilege Escalation Vulnerability Message-ID: <201102030445.p134jSLq006800@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: TIBCO Rendezvous Unspecified Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA43160 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43160/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43160 RELEASE DATE: 2011-02-03 DISCUSS ADVISORY: http://secunia.com/advisories/43160/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43160/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43160 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in TIBCO Rendezvous, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an unspecified error related to SUID in certain components. No further information is currently available. The vulnerability affects the following components: * TIBCO Rendezvous Routing Daemon (rvrd) * TIBCO Rendezvous Secure Daemon (rvsd) * TIBCO Rendezvous Secure Routing Daemon (rvsrd) The vulnerability is reported in the following products: * TIBCO Rendezvous versions 8.2.1 through 8.3.0 (Unix-based platforms only) * TIBCO Runtime Agent versions 5.6.2 through 5.7.0 (Unix-based platforms only) SOLUTION: Update to a fixed version. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.tibco.com/services/support/advisories/rv-ems-advisory_20110201.jsp http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 2 21:10:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Feb 2011 06:10:10 +0100 Subject: [SEC] [SA43146] Plone Unspecified Security Bypass Vulnerability Message-ID: <201102030510.p135AAOA028082@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Plone Unspecified Security Bypass Vulnerability SECUNIA ADVISORY ID: SA43146 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43146/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43146 RELEASE DATE: 2011-02-03 DISCUSS ADVISORY: http://secunia.com/advisories/43146/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43146/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43146 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Plone, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an unspecified error, which can be exploited to e.g. change the skin of the site, view or modify content, or gain access to the administrative controls. The vulnerability is reported in versions 2.5 through 4.0. Other versions may also be affected. SOLUTION: According to the vendor, a patch will be released on Tuesday 8th February 2011, 1600 GMT. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://plone.org/products/plone/security/advisories/cve-2011-0720 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 2 21:24:13 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Feb 2011 06:24:13 +0100 Subject: [SEC] [SA43151] PMB Services "id" SQL Injection Vulnerability Message-ID: <201102030524.p135OD8P016487@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: PMB Services "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43151 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43151/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43151 RELEASE DATE: 2011-02-03 DISCUSS ADVISORY: http://secunia.com/advisories/43151/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43151/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43151 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in PMB Services, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "id" parameter in opac_css/index.php (if "lvl" is set to "coll_see") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 3.4.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Luchador ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/16087/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 2 21:44:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Feb 2011 06:44:46 +0100 Subject: [SEC] [SA43174] TIBCO Enterprise Message Service Unspecified Privilege Escalation Vulnerability Message-ID: <201102030544.p135ikOe005166@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: TIBCO Enterprise Message Service Unspecified Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA43174 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43174/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43174 RELEASE DATE: 2011-02-03 DISCUSS ADVISORY: http://secunia.com/advisories/43174/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43174/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43174 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in TIBCO Enterprise Message Service, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an unspecified error related to SUID in the TIBCO Enterprise Message Service server (tibemsd) component. No further information is currently available. The vulnerability is reported in the following products: * TIBCO Enterprise Message Service versions 5.1.0 through 6.0.0 (Unix-based platforms only) * TIBCO Silver BPM Service versions prior to 1.0.4 * TIBCO Silver CAP Service versions prior to 1.0.2 * TIBCO Silver BusinessWorks Service version 1.0.0 SOLUTION: Update to a fixed version. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.tibco.com/services/support/advisories/rv-ems-advisory_20110201.jsp http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 2 22:10:04 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Feb 2011 07:10:04 +0100 Subject: [SEC] [SA43135] Ubuntu update for openjdk-6 Message-ID: <201102030610.p136A4GW026489@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for openjdk-6 SECUNIA ADVISORY ID: SA43135 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43135/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43135 RELEASE DATE: 2011-02-03 DISCUSS ADVISORY: http://secunia.com/advisories/43135/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43135/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43135 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for openjdk-6. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security features. The vulnerability is caused due to IcedTea for Java not properly verifying signatures when handling multiply signed or partially signed JAR files, which can be exploited to e.g. trick a user into executing arbitrary code that appears to come from a verified source. Note: This also provides updated armel (ARM) architecture packages for Ubuntu 10.10, which fix CVE-2010-4351. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1055-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001238.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 3 10:30:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Feb 2011 19:30:58 +0100 Subject: [SEC] [SA43175] Fedora update for wireshark Message-ID: <201102031830.p13IUwIa009406@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for wireshark SECUNIA ADVISORY ID: SA43175 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43175/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43175 RELEASE DATE: 2011-02-03 DISCUSS ADVISORY: http://secunia.com/advisories/43175/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43175/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43175 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for wireshark. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA42767 SOLUTION: Apply updated packages via the yum utility ("yum update wireshark"). ORIGINAL ADVISORY: FEDORA-2011-0460: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053669.html FEDORA-2011-0450: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053650.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 3 11:31:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Feb 2011 20:31:05 +0100 Subject: [SEC] [SA43179] Drupal Droptor Module SQL Injection Vulnerability Message-ID: <201102031931.p13JV5C2032307@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Drupal Droptor Module SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43179 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43179/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43179 RELEASE DATE: 2011-02-03 DISCUSS ADVISORY: http://secunia.com/advisories/43179/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43179/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43179 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Droptor module for Drupal, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the URL is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "memory monitoring" is enabled. The vulnerability is reported in versions prior to 6.x-2.8. SOLUTION: Update to version 6.x-2.8 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits: * Heine Deelstra, Drupal Security Team * Peter Wolanin, Drupal Security Team ORIGINAL ADVISORY: SA-CONTRIB-2011-009: http://drupal.org/node/1049126 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 3 12:31:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Feb 2011 21:31:36 +0100 Subject: [SEC] [SA43178] Betsy "page" Local File Inclusion Vulnerability Message-ID: <201102032031.p13KVaKF022802@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Betsy "page" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA43178 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43178/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43178 RELEASE DATE: 2011-02-03 DISCUSS ADVISORY: http://secunia.com/advisories/43178/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43178/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43178 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Betsy, which can be exploited by malicious people to disclose sensitive information. Input passed via the "page" parameter to ress.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences. The vulnerability is reported in version 4.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Hamza 'MizoZ' N. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 3 13:32:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Feb 2011 22:32:03 +0100 Subject: [SEC] [SA43165] Fedora update for bugzilla Message-ID: <201102032132.p13LW3Wc013304@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for bugzilla SECUNIA ADVISORY ID: SA43165 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43165/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43165 RELEASE DATE: 2011-02-03 DISCUSS ADVISORY: http://secunia.com/advisories/43165/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43165/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43165 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for bugzilla. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct HTTP response splitting attacks, cross-site request forgery attacks, and bypass certain security restrictions. For more information: SA43033 SOLUTION: Apply updated packages via the yum utility ("yum update bugzilla"). ORIGINAL ADVISORY: FEDORA-2011-0741: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html FEDORA-2011-0755: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 3 14:25:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Feb 2011 23:25:07 +0100 Subject: [SEC] [SA43182] Drupal Flag Page Module Script Insertion Vulnerability Message-ID: <201102032225.p13MP7Q8003448@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Drupal Flag Page Module Script Insertion Vulnerability SECUNIA ADVISORY ID: SA43182 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43182/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43182 RELEASE DATE: 2011-02-03 DISCUSS ADVISORY: http://secunia.com/advisories/43182/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43182/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43182 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Flag Page module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the flag title when creating or editing flags is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires "administer flags" permissions. The vulnerability is reported in versions prior to 6.x-1.3 and 6.x-2.2. SOLUTION: Update to version 6.x-1.3 or later or version 6.x-2.2 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits Balazs Dianiska (snufkin). ORIGINAL ADVISORY: SA-CONTRIB-2011-006: http://drupal.org/node/1049042 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 3 14:46:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Feb 2011 23:46:07 +0100 Subject: [SEC] [SA43184] Drupal Userpoints Module Script Insertion Vulnerability Message-ID: <201102032246.p13Mk7Vm024601@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Drupal Userpoints Module Script Insertion Vulnerability SECUNIA ADVISORY ID: SA43184 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43184/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43184 RELEASE DATE: 2011-02-03 DISCUSS ADVISORY: http://secunia.com/advisories/43184/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43184/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43184 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Userpoints module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Certain unspecified input is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires "administer userpoints" permissions. The vulnerability is reported in versions prior to 6.x-1.2. SOLUTION: Update to version 6.x-1.2 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor ORIGINAL ADVISORY: SA-CONTRIB-2011-007: http://drupal.org/node/1048944 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 3 15:17:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Feb 2011 00:17:49 +0100 Subject: [SEC] [SA43125] Majordomo 2 "_list_file_get()" Directory Traversal Vulnerability Message-ID: <201102032317.p13NHnsc013806@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Majordomo 2 "_list_file_get()" Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA43125 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43125/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43125 RELEASE DATE: 2011-02-03 DISCUSS ADVISORY: http://secunia.com/advisories/43125/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43125/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43125 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Michael Brooks has reported a vulnerability in Majordomo 2, which can be exploited by malicious people to disclose sensitive information. The vulnerability is caused due to an input validation error in the "_list_file_get()" function (lib/Majordomo.pm) when handling files. This can be exploited to disclose an arbitrary file via directory traversal specifiers sent in a specially crafted request to any of the application's interfaces (e.g. email or web) The vulnerability is reported in snapshots prior to 20110130. SOLUTION: Update to snapshot 20110130 or later. PROVIDED AND/OR DISCOVERED BY: Michael Brooks ORIGINAL ADVISORY: https://sitewat.ch/en/Advisory/View/1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 3 15:51:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Feb 2011 00:51:17 +0100 Subject: [SEC] [SA43158] TANDBERG Products Root Default Password Security Issue Message-ID: <201102032351.p13NpH9k003172@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: TANDBERG Products Root Default Password Security Issue SECUNIA ADVISORY ID: SA43158 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43158/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43158 RELEASE DATE: 2011-02-04 DISCUSS ADVISORY: http://secunia.com/advisories/43158/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43158/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43158 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in multiple TANDBERG products, which can be exploited by malicious people to compromise a vulnerable system. The security issue is caused due to the devices containing an enabled root user account with a blank password, which is used for advanced debugging. This can be exploited to gain administrative access to the device. NOTE: The root account cannot be disabled and is not the same as the admin account. The security issue is reported in versions prior to TC 4.0.0 in the following products: * TANDBERG C Series Endpoints * TANDBERG E/EX Personal Video SOLUTION: Apply update (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by xorcist in an article of the 2600 magazine (volume 27, #3). ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20110202-tandberg.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 3 16:14:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Feb 2011 01:14:17 +0100 Subject: [SEC] [SA43185] Drupal AES Module Password Information Disclosure Security Issue Message-ID: <201102040014.p140EHjc024422@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Drupal AES Module Password Information Disclosure Security Issue SECUNIA ADVISORY ID: SA43185 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43185/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43185 RELEASE DATE: 2011-02-04 DISCUSS ADVISORY: http://secunia.com/advisories/43185/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43185/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43185 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in the AES module for Drupal, which can be exploited by malicious people to disclose sensitive information. The module saves the password of the last user to log in to a text file under the Drupal root directory. This can be exploited to disclose the password by requesting the file directly. The security issue is reported in version 7.x-1.4. SOLUTION: Update to version 7.x-1.5. PROVIDED AND/OR DISCOVERED BY: The vendor credits Shawn Smiley. ORIGINAL ADVISORY: SA-CONTRIB-2011-005: http://drupal.org/node/1048998 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 3 16:48:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Feb 2011 01:48:42 +0100 Subject: [SEC] [SA43105] Ubuntu update for openoffice.org Message-ID: <201102040048.p140mgDb013744@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for openoffice.org SECUNIA ADVISORY ID: SA43105 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43105/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43105 RELEASE DATE: 2011-02-04 DISCUSS ADVISORY: http://secunia.com/advisories/43105/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43105/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43105 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for openoffice.org. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a user's system. For more information: SA40775 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1056-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001240.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 3 17:16:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Feb 2011 02:16:00 +0100 Subject: [SEC] [SA42800] SigPlus Pro ActiveX Control Multiple Vulnerabilities Message-ID: <201102040116.p141G0jt002731@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SigPlus Pro ActiveX Control Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42800 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42800/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42800 RELEASE DATE: 2011-02-04 DISCUSS ADVISORY: http://secunia.com/advisories/42800/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42800/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42800 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered multiple vulnerabilities in SigPlus Pro ActiveX control, which can be exploited by malicious people to compromise a user's system. 1) A boundary error when processing the "KeyString" property can be exploited to cause a heap-based buffer overflow via an overly long string. 2) A boundary error when processing the "SetLocalIniFilePath()" method can be exploited to cause a heap-based buffer overflow via an overly long string passed in the "NewPath" parameter. 3) An error due to an unsafe "SetLogFilePath()" method creating a log file in a specified location can be exploited in combination with e.g. the "SigMessage()" method to create an arbitrary file with controlled content. 4) A boundary error when processing the "SetTabletPortPath()" method can be exploited to cause a heap-based buffer overflow via an overly long string passed in the "NewPortPath" parameter. Successful exploitation of these vulnerabilities allows execution of arbitrary code. The vulnerabilities are confirmed in version 3.95. Other versions may also be affected. SOLUTION: Upgrade to version 4.29. PROVIDED AND/OR DISCOVERED BY: Dmitriy Pletnev, Secunia Research. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2011-1/ http://secunia.com/secunia_research/2011-2/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 3 17:45:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Feb 2011 02:45:52 +0100 Subject: [SEC] [SA43180] IBM Rational Build Forge Cross-Site Scripting Vulnerability Message-ID: <201102040145.p141jqXM024298@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM Rational Build Forge Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43180 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43180/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43180 RELEASE DATE: 2011-02-04 DISCUSS ADVISORY: http://secunia.com/advisories/43180/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43180/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43180 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM Rational Build Forge, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain input passed to fullcontrol/ is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in version 7.02. SOLUTION: Apply APAR PM05187. PROVIDED AND/OR DISCOVERED BY: The vendor credits a customer. ORIGINAL ADVISORY: IBM (PM05187): http://www.ibm.com/support/docview.wss?uid=swg1PM05187 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 3 18:11:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Feb 2011 03:11:29 +0100 Subject: [SEC] [SA43183] Drupal Chatroom Module Two Vulnerabilities Message-ID: <201102040211.p142BTY9013218@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Drupal Chatroom Module Two Vulnerabilities SECUNIA ADVISORY ID: SA43183 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43183/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43183 RELEASE DATE: 2011-02-04 DISCUSS ADVISORY: http://secunia.com/advisories/43183/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43183/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43183 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in the Chatroom module for Drupal, which can be exploited by malicious people to conduct cross-site request forgery and script insertion attacks. 1) The module allows users to perform certain actions via HTTP requests without making proper validity checks to verify the requests. This can be exploited to execute certain administrative tasks by tricking a logged-in administrator into visiting a malicious web site. 2) Input passed via chat messages is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerabilities are reported in versions prior to 6.x-2.13. SOLUTION: Update to version 6.x-2.13 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Greg Knaddison, Drupal Security Team 2) Steffen Sch?ssler ORIGINAL ADVISORY: SA-CONTRIB-2011-008: http://drupal.org/node/1048990 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 3 18:45:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Feb 2011 03:45:53 +0100 Subject: [SEC] [SA43176] CMME Xinha Cross-Site Scripting and File Upload Message-ID: <201102040245.p142jrGL002518@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: CMME Xinha Cross-Site Scripting and File Upload SECUNIA ADVISORY ID: SA43176 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43176/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43176 RELEASE DATE: 2011-02-04 DISCUSS ADVISORY: http://secunia.com/advisories/43176/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43176/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43176 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered CMME, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks. The vulnerabilities exist in the bundled version of Xinha. For more information: SA40669 SOLUTION: Edit the source code to ensure that input is properly sanitised. Restrict access to the xinha/plugins/ExtendedFileManager/demo_images and xinha/plugins/ImageManager/demo_images folder (e.g. via .htaccess). OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 3 19:15:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Feb 2011 04:15:52 +0100 Subject: [SEC] [SA43142] MediaWiki CSS Comments Script Insertion Vulnerability Message-ID: <201102040315.p143Fq14024572@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: MediaWiki CSS Comments Script Insertion Vulnerability SECUNIA ADVISORY ID: SA43142 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43142/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43142 RELEASE DATE: 2011-02-04 DISCUSS ADVISORY: http://secunia.com/advisories/43142/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43142/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43142 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in MediaWiki, which can be exploited by malicious users to conduct script insertion attacks. Certain input passed via CSS comments is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerability is reported in versions prior to 1.16.2. SOLUTION: Update to version 1.16.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits mghack. ORIGINAL ADVISORY: http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html https://bugzilla.wikimedia.org/show_bug.cgi?id=27093 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 3 19:45:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Feb 2011 04:45:51 +0100 Subject: [SEC] [SA43159] Serendipity Xinha Cross-Site Scripting and File Upload Message-ID: <201102040345.p143jpku013687@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Serendipity Xinha Cross-Site Scripting and File Upload SECUNIA ADVISORY ID: SA43159 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43159/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43159 RELEASE DATE: 2011-02-04 DISCUSS ADVISORY: http://secunia.com/advisories/43159/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43159/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43159 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered Serendipity, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system. The vulnerabilities exist in the bundled version of Xinha. For more information: SA40669 SOLUTION: Update to version 1.5.5. ORIGINAL ADVISORY: http://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 4 10:31:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Feb 2011 19:31:21 +0100 Subject: [SEC] [SA43177] BMC Products BGS_MULTIPLE_READS Buffer Overflow Vulnerability Message-ID: <201102041831.p14IVLtV008950@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: BMC Products BGS_MULTIPLE_READS Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA43177 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43177/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43177 RELEASE DATE: 2011-02-04 DISCUSS ADVISORY: http://secunia.com/advisories/43177/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43177/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43177 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in BMC products, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the BMC Patrol Agent service when processing certain BGS_MULTIPLE_READS commands. This can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 6768. Successful exploitation may allow execution of arbitrary code. The vulnerability has been reported in the following products: * BMC Performance Analysis for Servers versions 7.4.00 through 7.5.10 * BMC Performance Assurance for Servers, versions 7.4.00 through 7.5.10 * BMC Performance Assurance for Virtual Servers versions 7.4.00 through 7.5.10 * BMC Performance Analyzer for Servers versions 7.4.00 through 7.5.10 * BMC Performance Predictor for Servers versions 7.4.00 through 7.5.10 * BMC Capacity Management Essentials 1.2.00 (7.4.15) SOLUTION: Apply patch available via tracking number QM001683974. Please contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: Manuel Santamarina-Suarez via ZDI. ORIGINAL ADVISORY: ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-039/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 4 11:30:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Feb 2011 20:30:59 +0100 Subject: [SEC] [SA43119] Fedora update for asterisk Message-ID: <201102041930.p14JUxiU031803@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for asterisk SECUNIA ADVISORY ID: SA43119 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43119/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43119 RELEASE DATE: 2011-02-04 DISCUSS ADVISORY: http://secunia.com/advisories/43119/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43119/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43119 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for asterisk. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA42935 SOLUTION: Apply updated packages via the yum utility ("yum update asterisk"). ORIGINAL ADVISORY: FEDORA-2011-0794: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html FEDORA-2011-0774: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 4 12:31:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Feb 2011 21:31:01 +0100 Subject: [SEC] [SA43189] Red Hat update for php53 Message-ID: <201102042031.p14KV1Ke022271@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for php53 SECUNIA ADVISORY ID: SA43189 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43189/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43189 RELEASE DATE: 2011-02-04 DISCUSS ADVISORY: http://secunia.com/advisories/43189/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43189/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43189 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for php53. This fixes a weakness and some vulnerabilities, which can be exploited by malicious people to potentially disclose sensitive information and cause a DoS (Denial of Service). For more information: SA41724 SA42135 SA43051 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0196-1: https://rhn.redhat.com/errata/RHSA-2011-0196.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 4 13:31:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Feb 2011 22:31:32 +0100 Subject: [SEC] [SA43193] Google Chrome Multiple Vulnerabilities Message-ID: <201102042131.p14LVWQI012776@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43193 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43193/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43193 RELEASE DATE: 2011-02-04 DISCUSS ADVISORY: http://secunia.com/advisories/43193/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43193/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43193 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some weaknesses and vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and potentially compromise a user's system. 1) An error within the sandbox related to "stat()" can be exploited to leak certain information. Note: This only affects the Mac OS X version. 2) A use-after-free error exists within the image loading. 3) Some restrictions are not properly applied to cross-origin drag and drop operations. 4) An error exists related to "extensions with missing key", which can be exploited to cause a crash. 5) An error exists within the PDF event handler, which can be exploited to cause a crash. 6) An error exists within the merging of autofill profiles. 7) An error related to the Mac OS 10.5 SSL libraries can be exploited to cause a crash. Note: This only affects the Mac OS X version. 8) An error related to a bad volume setting can be exploited to cause a crash. 9) A race condition error exists within the audio handling. SOLUTION: Fixed in version 9.0.597.84. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Daniel Cheng 2, 5) Aki Helin, OUSPG 3) SkyLined of the Google Chrome Security Team and Michal Zalewski and David Bloom of the Google Security Team 4) Brian Kirchoff 6) Inferno, Google Chrome Security Team 7) Dan Morrison 8) Matthew Heidermann 9) various persons of the "Reddit!" community ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 4 14:24:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Feb 2011 23:24:42 +0100 Subject: [SEC] [SA43196] Techphoebe QuickShare File Server FTP Directory Traversal Vulnerability Message-ID: <201102042224.p14MOgf0002914@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Techphoebe QuickShare File Server FTP Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA43196 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43196/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43196 RELEASE DATE: 2011-02-04 DISCUSS ADVISORY: http://secunia.com/advisories/43196/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43196/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43196 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Techphoebe QuickShare File Server, which can be exploited by malicious users to disclose potentially sensitive information and compromise a vulnerable system. The vulnerability is caused due to the FTP server not properly filtering directory traversal sequences, which can be exploited to e.g. read or write arbitrary files outside the server's root directory by sending specially crafted commands to the server. Successful exploitation to write to files outside of the server's root directory requires write privileges. The vulnerability is confirmed in version 1.2.1. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: modpr0be ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/16105/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 4 14:46:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Feb 2011 23:46:07 +0100 Subject: [SEC] [SA43187] Red Hat update for postgresql Message-ID: <201102042246.p14Mk7Bh024073@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for postgresql SECUNIA ADVISORY ID: SA43187 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43187/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43187 RELEASE DATE: 2011-02-04 DISCUSS ADVISORY: http://secunia.com/advisories/43187/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43187/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43187 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for postgresql. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system. For more information: SA43144 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0197-1: http://rhn.redhat.com/errata/RHSA-2011-0197.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 4 15:17:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Feb 2011 00:17:14 +0100 Subject: [SEC] [SA43191] Moxa Device Manager MDM Tool Buffer Overflow Vulnerability Message-ID: <201102042317.p14NHEFL013354@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Moxa Device Manager MDM Tool Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA43191 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43191/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43191 RELEASE DATE: 2011-02-04 DISCUSS ADVISORY: http://secunia.com/advisories/43191/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43191/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43191 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Moxa Device Manager MDM Tool, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a boundary error within the "MDMUtil.dll" module when processing certain messages. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into connecting to a malicious MDM gateway. The vulnerability is reported in version 2.1. Other versions may also be affected. SOLUTION: Reportedly fixed in version 2.3. PROVIDED AND/OR DISCOVERED BY: Rub?n Santamarta ORIGINAL ADVISORY: Rub?n Santamarta: http://reversemode.com/index.php?option=com_content&task=view&id=70&Itemid=1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 4 15:48:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Feb 2011 00:48:18 +0100 Subject: [SEC] [SA43155] Debian update for postgresql Message-ID: <201102042348.p14NmIjA002469@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Debian update for postgresql SECUNIA ADVISORY ID: SA43155 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43155/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43155 RELEASE DATE: 2011-02-05 DISCUSS ADVISORY: http://secunia.com/advisories/43155/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43155/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43155 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for postgresql. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system. For more information: SA43144 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2157-1: http://lists.debian.org/debian-security-announce/2011/msg00022.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 4 16:13:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Feb 2011 01:13:14 +0100 Subject: [SEC] [SA43188] Red Hat update for postgresql84 Message-ID: <201102050013.p150DE1S023823@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for postgresql84 SECUNIA ADVISORY ID: SA43188 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43188/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43188 RELEASE DATE: 2011-02-05 DISCUSS ADVISORY: http://secunia.com/advisories/43188/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43188/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43188 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for postgresql84. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system. For more information: SA43144 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0198-1: https://rhn.redhat.com/errata/RHSA-2011-0198.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 4 16:48:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Feb 2011 01:48:46 +0100 Subject: [SEC] [SA43154] Ubuntu update for postgresql Message-ID: <201102050048.p150mkxc013189@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for postgresql SECUNIA ADVISORY ID: SA43154 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43154/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43154 RELEASE DATE: 2011-02-05 DISCUSS ADVISORY: http://secunia.com/advisories/43154/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43154/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43154 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for postgresql. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system. For more information: SA43144 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1058-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001242.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 4 17:17:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Feb 2011 02:17:00 +0100 Subject: [SEC] [SA43130] ReOS Multiple SQL Injection Vulnerabilities Message-ID: <201102050117.p151H0Vk002187@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: ReOS Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA43130 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43130/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43130 RELEASE DATE: 2011-02-05 DISCUSS ADVISORY: http://secunia.com/advisories/43130/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43130/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43130 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in ReOS, which can be exploited by malicious users and malicious people to conduct SQL injection attacks. 1) Input passed via the "form1_tp_state", "form1_tp_servicio", and "form1_tp_propiedad" parameters to members.php (when a parameter whose name ends in "data" is set to "my_immos" and "form1_phpform_sent" is set) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of these vulnerabilities requires authentication. 2) Input passed via the "form1_in_order", "form1_order_by", "form1_tp_propiedad", "form1_tp_servicio", "form1_precio_min", "form1_precio_max", and "form1_ref_immo" parameters to index.php (when a parameter whose name ends in "data" is set to "pg=verimmo,show=0" and "form1_phpform_sent" is set) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 2.0.5. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: High-Tech Bridge (HTB22807): http://www.htbridge.ch/advisory/sql_injection_in_reos_1.html High-Tech Bridge (HTB22809): http://www.htbridge.ch/advisory/sql_injection_in_reos_2.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 4 17:46:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Feb 2011 02:46:00 +0100 Subject: [SEC] [SA43161] Ubuntu update for linux-source-2.6.15 Message-ID: <201102050146.p151k0wx023723@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-source-2.6.15 SECUNIA ADVISORY ID: SA43161 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43161/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43161 RELEASE DATE: 2011-02-05 DISCUSS ADVISORY: http://secunia.com/advisories/43161/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43161/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43161 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-source-2.6.15. This fixes some weaknesses, which can be exploited by malicious, local users to disclose certain system information and by malicious people to disclose potentially sensitive information. For more information: SA40205 SA41440 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1057-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001241.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 4 18:11:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Feb 2011 03:11:18 +0100 Subject: [SEC] [SA43211] IBM WebSphere Application Server for z/OS "apr_brigade_split_line()" Denial of Service Message-ID: <201102050211.p152BIJW012633@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM WebSphere Application Server for z/OS "apr_brigade_split_line()" Denial of Service SECUNIA ADVISORY ID: SA43211 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43211/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43211 RELEASE DATE: 2011-02-05 DISCUSS ADVISORY: http://secunia.com/advisories/43211/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43211/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43211 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a vulnerability in IBM WebSphere Application Server for z/OS, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #2 in: SA41701 SOLUTION: Apply APAR PM23263 or update to version 7.0.0.15 when it becomes available. ORIGINAL ADVISORY: IBM (PM23263): http://www-01.ibm.com/support/docview.wss?uid=swg1PM31601 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Feb 7 10:31:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Feb 2011 19:31:20 +0100 Subject: [SEC] [SA43163] HTC Products Peep Twitter Credentials Information Disclosure Security Issue Message-ID: <201102071831.p17IVKgn013377@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HTC Products Peep Twitter Credentials Information Disclosure Security Issue SECUNIA ADVISORY ID: SA43163 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43163/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43163 RELEASE DATE: 2011-02-07 DISCUSS ADVISORY: http://secunia.com/advisories/43163/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43163/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43163 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Raul Siles has reported a security issue in multiple HTC products, which can be exploited by malicious people to disclose potentially sensitive information. The security issue is caused due to the default Twitter application (Peep) transmitting credentials Base64-encoded or in plaintext. This can be exploited to disclose the authentication credentials by e.g sniffing network traffic or via a Man-in-the-Middle (MitM) attack. The security issue is reported in Peep version 2_5_19212224_0 running on the following devices: * HTC HD2 * HTC HD mini * HTC Touch Diamond2 * HTC Touch Pro2 SOLUTION: Do not use the default Twitter application (Peep). PROVIDED AND/OR DISCOVERED BY: Raul Siles, Taddong ORIGINAL ADVISORY: http://blog.taddong.com/2011/02/vulnerability-in-htc-peep-twitter.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Feb 7 11:31:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Feb 2011 20:31:09 +0100 Subject: [SEC] [SA43226] Chamilo Two File Disclosure Vulnerabilities Message-ID: <201102071931.p17JV9AJ003826@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Chamilo Two File Disclosure Vulnerabilities SECUNIA ADVISORY ID: SA43226 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43226/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43226 RELEASE DATE: 2011-02-07 DISCUSS ADVISORY: http://secunia.com/advisories/43226/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43226/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43226 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in Chamilo, which can be exploited by malicious users to disclose potentially sensitive information. For more information: SA43205 The vulnerabilities are confirmed in version 1.8.7.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: beford OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Feb 7 12:31:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Feb 2011 21:31:01 +0100 Subject: [SEC] [SA43204] Escort Service Begleitagentur "custid" SQL Injection Vulnerability Message-ID: <201102072031.p17KV1pd026721@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Escort Service Begleitagentur "custid" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43204 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43204/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43204 RELEASE DATE: 2011-02-07 DISCUSS ADVISORY: http://secunia.com/advisories/43204/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43204/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43204 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Escort Service Begleitagentur, which can be exploited my malicious people to conduct SQL injection attacks. Input passed to the "custid" parameter in show_profile.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 1.0. Other versions may also be affected. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: NoNameMT ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/16117 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Feb 7 13:31:13 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Feb 2011 22:31:13 +0100 Subject: [SEC] [SA43198] Apache Tomcat Multiple Vulnerabilities Message-ID: <201102072131.p17LVD1U017220@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apache Tomcat Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43198 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43198/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43198 RELEASE DATE: 2011-02-07 DISCUSS ADVISORY: http://secunia.com/advisories/43198/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43198/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43198 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service). 1) An error due to the "ServletContect" attribute improperly being restricted to read-only when running under a SecurityManager can be exploited by a malicious web application to use an arbitrary working directory with read-write privileges. This vulnerability is reported in versions 5.5.0 through 5.5.29. 2) Certain input (e.g. display names) is not properly sanitised in the HTML Manager interface before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. This vulnerability is reported in versions 5.5.0 through 5.5.31. 3) An error within the JVM when accessing a page that calls "javax.servlet.ServletRequest.getLocale()" or "javax.servlet.ServletRequest.getLocales()" functions can be exploited to cause the process to hang via a web request containing specially crafted headers (e.g. "Accept-Language"). This vulnerability is reported in versions prior to 5.5.33. SOLUTION: Update to version 5.5.33. PROVIDED AND/OR DISCOVERED BY: 1, 2) Reported by the vendor. 3) Konstantin Preiber ORIGINAL ADVISORY: Apache Tomcat: http://tomcat.apache.org/security-5.html http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0075.html Konstantin Preiber: http://www.exploringbinary.com/why-volatile-fixes-the-2-2250738585072011e-308-bug/comment-page-1/#comment-4645 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Feb 7 14:26:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Feb 2011 23:26:11 +0100 Subject: [SEC] [SA43162] YUI Multiple Script Insertion Vulnerabilities Message-ID: <201102072226.p17MQB27007476@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: YUI Multiple Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA43162 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43162/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43162 RELEASE DATE: 2011-02-07 DISCUSS ADVISORY: http://secunia.com/advisories/43162/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43162/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43162 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in YUI, which can be exploited by malicious users to conduct script insertion attacks. For more information see vulnerabilities #3 and #5: SA43033 1) Certain Input passed to the "addItem()" method is not properly sanitised before being used in the Menu widget. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerabilities are reported in versions prior to 2.9.0. SOLUTION: Fixed in the GIT repository. Update to version 2.9.0 when it becomes available. PROVIDED AND/OR DISCOVERED BY: 1) Reported by jkl in a YUI forum post. ORIGINAL ADVISORY: http://yuilibrary.com/forum/viewtopic.php?p=12923 http://yuilibrary.com/projects/yui2/ticket/2529228 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Feb 7 14:54:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Feb 2011 23:54:41 +0100 Subject: [SEC] [SA43214] Kolibri WebServer HTTP Request Processing Buffer Overflow Message-ID: <201102072254.p17MsfEc028945@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Kolibri WebServer HTTP Request Processing Buffer Overflow SECUNIA ADVISORY ID: SA43214 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43214/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43214 RELEASE DATE: 2011-02-07 DISCUSS ADVISORY: http://secunia.com/advisories/43214/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43214/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43214 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Kolibri WebServer, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error when processing web requests and can be exploited to cause a stack-based buffer overflow via an overly long string passed in e.g. a HEAD or GET request. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 2.0. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: TheLeader ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15834 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Feb 7 15:29:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Feb 2011 00:29:52 +0100 Subject: [SEC] [SA43203] Xerox WorkCentre Web Server Command Injection Vulnerability Message-ID: <201102072329.p17NTqBl018400@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Xerox WorkCentre Web Server Command Injection Vulnerability SECUNIA ADVISORY ID: SA43203 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43203/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43203 RELEASE DATE: 2011-02-07 DISCUSS ADVISORY: http://secunia.com/advisories/43203/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43203/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43203 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Xerox WorkCentre, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error within the web server, which can be exploited to inject and execute arbitrary commands via a specially crafted request. The vulnerability is reported in versions 7655, 7665, and 7675. SOLUTION: Apply patch P45. Please see the vendor's advisory for more information. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits thelightcosine. ORIGINAL ADVISORY: XRX11-001: http://www.xerox.com/downloads/usa/en/c/cert_XRX11-001_v1.0.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Feb 7 15:48:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Feb 2011 00:48:22 +0100 Subject: [SEC] [SA43209] Hitachi Tuning Manager Cross-Site Scripting Vulnerability Message-ID: <201102072348.p17NmMaE007023@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Hitachi Tuning Manager Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43209 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43209/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43209 RELEASE DATE: 2011-02-08 DISCUSS ADVISORY: http://secunia.com/advisories/43209/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43209/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43209 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Hitachi Tuning Manager, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions 6.0.0 through 6.4.0-01 and 7.0.0 running on Windows and Solaris. SOLUTION: Update to version 6.4.0-02 or 7.0.0-01. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HS11-002: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-002/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Feb 7 16:13:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Feb 2011 01:13:45 +0100 Subject: [SEC] [SA43194] Apache Tomcat Multiple Vulnerabilities Message-ID: <201102080013.p180Djcv028354@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apache Tomcat Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43194 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43194/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43194 RELEASE DATE: 2011-02-08 DISCUSS ADVISORY: http://secunia.com/advisories/43194/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43194/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43194 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service). For more information: SA43198 1) An error due to the "maxHttpHeaderSize" limit not being enforced in the NIO HTTP connector can be exploited to cause an "OutOfMemory" error via a specially crafted web request. Please see the vendor's advisory for a list of affected versions. SOLUTION: Update to a fixed version. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://tomcat.apache.org/security-6.html http://tomcat.apache.org/security-7.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Feb 7 16:48:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Feb 2011 01:48:33 +0100 Subject: [SEC] [SA43223] IBM Rational Team Concert Report Name Script Insertion Vulnerability Message-ID: <201102080048.p180mXJc017717@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM Rational Team Concert Report Name Script Insertion Vulnerability SECUNIA ADVISORY ID: SA43223 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43223/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43223 RELEASE DATE: 2011-02-08 DISCUSS ADVISORY: http://secunia.com/advisories/43223/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43223/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43223 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM Rational Team Concert, which can be exploited by malicious users to conduct script insertion attacks. Input passed via report names is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. SOLUTION: Apply APAR PM22477. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (PM22477): http://www.ibm.com/support/docview.wss?uid=swg1PM22477 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Feb 7 17:16:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Feb 2011 02:16:36 +0100 Subject: [SEC] [SA43134] IBM Lotus Connections Wikis Cross-Site Scripting Vulnerability Message-ID: <201102080116.p181Ga1B006762@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM Lotus Connections Wikis Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43134 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43134/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43134 RELEASE DATE: 2011-02-08 DISCUSS ADVISORY: http://secunia.com/advisories/43134/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43134/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43134 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM Lotus Connections, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised in the Wikis component before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in version 3.0. SOLUTION: Apply APAR LO57850. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.ibm.com/support/docview.wss?uid=swg1LO57850 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Feb 7 17:46:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Feb 2011 02:46:17 +0100 Subject: [SEC] [SA43225] Conky "/tmp/.cesf" Insecure Temporary File Security Issue Message-ID: <201102080146.p181kHTZ028279@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Conky "/tmp/.cesf" Insecure Temporary File Security Issue SECUNIA ADVISORY ID: SA43225 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43225/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43225 RELEASE DATE: 2011-02-08 DISCUSS ADVISORY: http://secunia.com/advisories/43225/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43225/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43225 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Conky, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to Conky's "eve" module using the "/tmp/.cesf" file in an insecure manner, which can be exploited to e.g. overwrite arbitrary files with the privileges of the user running Conky. Successful exploitation requires that the "eve" module is compiled and configured. The security issue is reported in version 1.8.1. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Reported in an Ubuntu bug by segooon. ORIGINAL ADVISORY: Ubuntu Bug #607309: https://bugs.launchpad.net/ubuntu/+source/conky/+bug/607309 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Feb 7 18:11:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Feb 2011 03:11:08 +0100 Subject: [SEC] [SA43181] OpenSSH Legacy Certificates Stack Memory Leak Weakness Message-ID: <201102080211.p182B8tY017179@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: OpenSSH Legacy Certificates Stack Memory Leak Weakness SECUNIA ADVISORY ID: SA43181 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43181/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43181 RELEASE DATE: 2011-02-08 DISCUSS ADVISORY: http://secunia.com/advisories/43181/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43181/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43181 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in OpenSSH, which can be exploited by malicious people to disclose potentially sensitive information. The weakness is caused due to OpenSSH not properly initialising a nonce field with random data when generating legacy certificates ("-t" command line option of ssh-keygen). This can result in certain stack memory being used as nonce, which can lead to the disclosure of potentially sensitive information. Note: Certificates with user-specified contents may also be less protected against hash collision attacks. However, these attacks are currently not considered practical for the SHA signatures used. The weakness is reported in versions 5.6 and 5.7. SOLUTION: Update to version 5.8 or apply the patch (see vendor's advisory for additional details). Rotate the CA key for legacy certificates generated with a vulnerable version. PROVIDED AND/OR DISCOVERED BY: The vendor credits Mateusz Kocielski. ORIGINAL ADVISORY: OpenSSH: http://www.openssh.com/txt/legacy-cert.adv http://www.openssh.com/txt/release-5.8 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Feb 7 18:46:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Feb 2011 03:46:24 +0100 Subject: [SEC] [SA42830] QEMU Empty VNC Password Authentication Bypass Security Issue Message-ID: <201102080246.p182kOE3006547@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: QEMU Empty VNC Password Authentication Bypass Security Issue SECUNIA ADVISORY ID: SA42830 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42830/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42830 RELEASE DATE: 2011-02-08 DISCUSS ADVISORY: http://secunia.com/advisories/42830/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42830/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42830 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in QEMU, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to QEMU incorrectly disabling the authentication if an empty VNC password is set, which can be exploited to e.g. access the VNC service. SOLUTION: Do not set empty VNC passwords. PROVIDED AND/OR DISCOVERED BY: Reported in an Ubuntu bug by Neil Wilson. ORIGINAL ADVISORY: Ubuntu Bug #697197: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/697197 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Feb 7 19:16:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Feb 2011 04:16:31 +0100 Subject: [SEC] [SA43221] feh "feh_unique_filename()" Predictable Filename Security Issue Message-ID: <201102080316.p183GVxc028583@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: feh "feh_unique_filename()" Predictable Filename Security Issue SECUNIA ADVISORY ID: SA43221 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43221/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43221 RELEASE DATE: 2011-02-08 DISCUSS ADVISORY: http://secunia.com/advisories/43221/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43221/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43221 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been discovered in feh, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the "feh_unique_filename()" function in src/utls.c generating predictable filenames, which can be exploited to e.g. overwrite arbitrary files via symlink attacks. The security issue is confirmed in version 1.11.1. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Reported in an Ubuntu bug by segooon. ORIGINAL ADVISORY: Ubuntu Bug #607328: https://bugs.launchpad.net/ubuntu/+source/feh/+bug/607328 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Feb 7 19:46:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Feb 2011 04:46:11 +0100 Subject: [SEC] [SA43205] Dokeos Two File Disclosure Vulnerabilities Message-ID: <201102080346.p183kBbf017697@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Dokeos Two File Disclosure Vulnerabilities SECUNIA ADVISORY ID: SA43205 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43205/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43205 RELEASE DATE: 2011-02-08 DISCUSS ADVISORY: http://secunia.com/advisories/43205/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43205/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43205 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in Dokeos, which can be exploited by malicious users to disclose potentially sensitive information. 1) Input passed via the "file" parameter to main/gradebook/open_document.php is not properly verified before being used to read files. This can be exploited to read arbitrary files from local resources via directory traversal sequences. Successful exploitation of this vulnerability requires authentication. 2) Input passed via the "doc_url" parameter to main/document/download.php is not properly sanitised before being used to read files. This can be exploited to read arbitrary files from local resources via directory traversal sequences. Successful exploitation of this vulnerability requires a user account with access permissions to a "Training". The vulnerabilities are confirmed in version 1.8.6.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified and sanitised. PROVIDED AND/OR DISCOVERED BY: beford OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 8 10:31:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Feb 2011 19:31:19 +0100 Subject: [SEC] [SA43234] ProFTPD "mod_sftp" Large Payload Denial of Service Vulnerability Message-ID: <201102081831.p18IVJbA012954@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: ProFTPD "mod_sftp" Large Payload Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43234 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43234/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43234 RELEASE DATE: 2011-02-08 DISCUSS ADVISORY: http://secunia.com/advisories/43234/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43234/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43234 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in ProFTPD, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to ProFTPD's "mod_sftp" module not restricting the maximum payload size of SSH packets. This can be exploited to e.g. exhaust memory by sending SSH packets with a large payload size to the server. Successful exploitation requires that the "mod_sftp" module is used. The vulnerability is confirmed in version 1.3.3d. Other versions may also be affected. SOLUTION: Apply patch from the vendor. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits a ProFTPD user. ORIGINAL ADVISORY: ProFTPD Bug #3586: http://bugs.proftpd.org/show_bug.cgi?id=3586 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 8 11:29:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Feb 2011 20:29:57 +0100 Subject: [SEC] [SA43215] Microsoft Windows Active Directory SPN Collision Denial of Service Message-ID: <201102081929.p18JTvPm003357@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Active Directory SPN Collision Denial of Service SECUNIA ADVISORY ID: SA43215 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43215/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43215 RELEASE DATE: 2011-02-08 DISCUSS ADVISORY: http://secunia.com/advisories/43215/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43215/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43215 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to an error in Active Directory when handling SPN (Service Principal Name) update requests. This can be exploited to cause SPN collisions via specially crafted packets sent to the Active Directory server, causing services using SPN and configured to negotiate to downgrade to NTLM (NT LAN Manager) while services not configured to negotiate become unavailable. Successful exploitation requires local Administrator privileges on a domain-joined computer. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MS11-005 (KB2478953): http://www.microsoft.com/technet/security/Bulletin/MS11-005.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 8 12:30:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Feb 2011 21:30:15 +0100 Subject: [SEC] [SA43208] IBM Lotus Domino Multiple Vulnerabilities Message-ID: <201102082030.p18KUFc4026268@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: IBM Lotus Domino Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43208 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43208/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43208 RELEASE DATE: 2011-02-08 DISCUSS ADVISORY: http://secunia.com/advisories/43208/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43208/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43208 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in IBM Lotus Domino, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error within nrouter.exe when parsing "Content-Type" headers in calendar meeting requests can be exploited to cause a stack-based buffer overflow. 2) A signedness error within ndiiop.exe when parsing GIOP client request packets can be exploited to cause a heap-based buffer overflow via specially crafted GIOP packet. 3) A boundary error within ndiiop.exe when parsing GIOP getEnvironmentString requests can be exploited to cause a stack-based buffer overflow via a specially crafted GIOP request. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. SOLUTION: The vulnerabilities will be addressed in version 8.5.3 scheduled for release in Q2 2011. PROVIDED AND/OR DISCOVERED BY: 1) An anonymous person via ZDI. 2, 3) Intevydis via ZDI. ORIGINAL ADVISORY: IBM: http://www-01.ibm.com/support/docview.wss?uid=swg21461514 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-048/ http://www.zerodayinitiative.com/advisories/ZDI-11-052/ http://www.zerodayinitiative.com/advisories/ZDI-11-053/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 8 13:30:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Feb 2011 22:30:41 +0100 Subject: [SEC] [SA43250] Microsoft Windows CSRSS Logoff Process Termination Vulnerability Message-ID: <201102082130.p18LUfMH016767@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Microsoft Windows CSRSS Logoff Process Termination Vulnerability SECUNIA ADVISORY ID: SA43250 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43250/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43250 RELEASE DATE: 2011-02-08 DISCUSS ADVISORY: http://secunia.com/advisories/43250/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43250/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43250 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability is caused due to the Client/Server Run-time Subsystem (CSRSS) not properly terminating user processes during logoff and can be exploited to cause a malicious process to continue executing after log off. Successful exploitation may allow disclosing the credentials or gaining access to data of a subsequently logged-in user. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Sihan Qing, Weiping Wen, Liang Yi, and Husheng Zhou, Beijing University Department of Information Security. ORIGINAL ADVISORY: MS11-010 (KB2476687): http://www.microsoft.com/technet/security/Bulletin/MS11-010.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 8 14:27:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Feb 2011 23:27:18 +0100 Subject: [SEC] [SA43249] Microsoft Windows JScript / VBScript Scripting Engine Information Disclosure Message-ID: <201102082227.p18MRIG5007087@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Microsoft Windows JScript / VBScript Scripting Engine Information Disclosure SECUNIA ADVISORY ID: SA43249 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43249/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43249 RELEASE DATE: 2011-02-08 DISCUSS ADVISORY: http://secunia.com/advisories/43249/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43249/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43249 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an error in the JScript and VBScript scripting engines when processing scripts. This can be exploited to disclose certain information by tricking a user into viewing a specially crafted web page. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Yamata Li, Palo Alto Networks. ORIGINAL ADVISORY: MS11-009 (KB2475792): http://www.microsoft.com/technet/security/Bulletin/MS11-009.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 8 14:56:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Feb 2011 23:56:01 +0100 Subject: [SEC] [SA43216] Microsoft Office Excel Shape Data Parsing Use-After-Free Vulnerability Message-ID: <201102082256.p18Mu1bS028559@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Microsoft Office Excel Shape Data Parsing Use-After-Free Vulnerability SECUNIA ADVISORY ID: SA43216 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43216/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43216 RELEASE DATE: 2011-02-08 DISCUSS ADVISORY: http://secunia.com/advisories/43216/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43216/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43216 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a use-after-free error when parsing shape data within a specific container and can be exploited to dereference an already freed object via a specially crafted file. Successful exploitation may allow execution of arbitrary code. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Aniway and an anonymous person via ZDI. ORIGINAL ADVISORY: ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-043/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 8 15:33:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Feb 2011 00:33:08 +0100 Subject: [SEC] [SA43232] Microsoft Office Excel Axis Properties Record Parsing Buffer Overflow Message-ID: <201102082333.p18NX8Wn018125@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Microsoft Office Excel Axis Properties Record Parsing Buffer Overflow SECUNIA ADVISORY ID: SA43232 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43232/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43232 RELEASE DATE: 2011-02-09 DISCUSS ADVISORY: http://secunia.com/advisories/43232/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43232/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43232 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when parsing an Axis Properties record and can be exploited to cause a stack-based buffer overflow via a specially crafted file. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Aniway via ZDI. ORIGINAL ADVISORY: ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-042/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 8 16:00:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Feb 2011 01:00:27 +0100 Subject: [SEC] [SA43212] IBM Informix Dynamic Server USELASTCOMMITTED Option Buffer Overflow Message-ID: <201102090000.p1900R4U007124@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: IBM Informix Dynamic Server USELASTCOMMITTED Option Buffer Overflow SECUNIA ADVISORY ID: SA43212 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43212/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43212 RELEASE DATE: 2011-02-09 DISCUSS ADVISORY: http://secunia.com/advisories/43212/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43212/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43212 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM Informix Dynamic Server, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the oninit process (port 9088/TCP) when processing arguments to the "USELASTCOMMITTED" environment option in a SQL query. This can be exploited to cause a stack-based buffer overflow via an overly long argument. Successful exploitation may allow execution of arbitrary code, but requires SQL query execution privileges. The vulnerability is reported in version 11.50. Other versions may also be affected. SOLUTION: Restrict access to the service. PROVIDED AND/OR DISCOVERED BY: An anonymous person via ZDI. ORIGINAL ADVISORY: ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-050/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 8 16:28:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Feb 2011 01:28:25 +0100 Subject: [SEC] [SA43218] Accellion File Transfer Appliance Multiple Vulnerabilities Message-ID: <201102090028.p190SPUx028561@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Accellion File Transfer Appliance Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43218 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43218/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43218 RELEASE DATE: 2011-02-09 DISCUSS ADVISORY: http://secunia.com/advisories/43218/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43218/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43218 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: HD Moore has reported multiple vulnerabilities in Accellion File Transfer Appliance, which can be exploited by malicious, local users to disclose sensitive information and gain escalated privileges and by malicious users and malicious people to compromise a vulnerable system. 1) An error in the Message Routing daemon due to use of static encryption keys can be exploited to perform administrative tasks on the appliance via encrypted messages sent to port 8812/UDP. 2) An input sanitation error in the "insert_plugin_meta_info()" function of the MatchRep daemon can be exploited to inject and execute arbitrary shell commands via a specially crafted message sent to port 8812/UDP. 3) An error when handling Secure Shell (SSH) logins for the default administrative account (admin) can be exploited to login remotely by executing a shell without a TTY terminal. 4) An error due to the appliance using static passwords for several administrative accounts can be exploited to login via SSH using a brute-force attack. 5) An error due to the appliance using static SSH keys to allow password-less login for the administrative user (soggycat) can be exploited to login via SSH. 6) An error due to an insecure configuration of a MySQL root account in various configuration files can be exploited by local users to disclose the password. 7) An error due to the rsync daemon allowing read-write access to the administrative user's (soggycat) home directory can be exploited by local users to gain administrative privileges. The vulnerabilities are reported in versions prior to 8_0_562. SOLUTION: Reportedly fixed in version 8_0_562. Contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: HD Moore ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0118.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 8 16:50:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Feb 2011 01:50:40 +0100 Subject: [SEC] [SA43210] Microsoft Office Excel Invalid Object Type Vulnerability Message-ID: <201102090050.p190oeJR017362@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Microsoft Office Excel Invalid Object Type Vulnerability SECUNIA ADVISORY ID: SA43210 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43210/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43210 RELEASE DATE: 2011-02-09 DISCUSS ADVISORY: http://secunia.com/advisories/43210/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43210/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43210 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error that causes an invalid object to be used when parsing a specially crafted file. Successful exploitation may allow execution of arbitrary code. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Reported by an anonymous person via ZDI. ORIGINAL ADVISORY: ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-040/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 8 17:17:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Feb 2011 02:17:26 +0100 Subject: [SEC] [SA43246] EMC Networker Module for Microsoft Applications Command Execution Vulnerability Message-ID: <201102090117.p191HQN4006353@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: EMC Networker Module for Microsoft Applications Command Execution Vulnerability SECUNIA ADVISORY ID: SA43246 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43246/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43246 RELEASE DATE: 2011-02-09 DISCUSS ADVISORY: http://secunia.com/advisories/43246/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43246/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43246 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in EMC Networker Module for Microsoft Applications, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA43164 SOLUTION: Restrict access to the service. PROVIDED AND/OR DISCOVERED BY: Reported by an anonymous person via ZDI. ORIGINAL ADVISORY: ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-061/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 8 17:46:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Feb 2011 02:46:28 +0100 Subject: [SEC] [SA43164] EMC Replication Manager Client irccd.exe Command Execution Vulnerability Message-ID: <201102090146.p191kShN027830@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: EMC Replication Manager Client irccd.exe Command Execution Vulnerability SECUNIA ADVISORY ID: SA43164 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43164/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43164 RELEASE DATE: 2011-02-09 DISCUSS ADVISORY: http://secunia.com/advisories/43164/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43164/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43164 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in EMC Replication Manager, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the client as the irccd.exe service listening on port 6542/TCP allows executing arbitrary commands via the RunProgram functionality. This is related to: SA36251 SOLUTION: Update to version 5.3 available through EMC Powerlink. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by an anonymous person via ZDI. ORIGINAL ADVISORY: ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-061/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 8 18:11:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Feb 2011 03:11:57 +0100 Subject: [SEC] [SA43224] IBM Lotus Domino Multiple Vulnerabilities Message-ID: <201102090211.p192Bv3s016774@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: IBM Lotus Domino Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43224 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43224/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43224 RELEASE DATE: 2011-02-09 DISCUSS ADVISORY: http://secunia.com/advisories/43224/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43224/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43224 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in IBM Lotus Domino, which can be exploited by malicious people to compromise a vulnerable system. 1) An error within the POP3 and IMAP services when expanding specific non-printable characters within the "mail from" command in e-mail messages can be exploited to corrupt memory. 2) A boundary error within the NRouter service when parsing "ATTACH:CID" and "Content-ID" headers in e-mail messages can be exploited to cause a stack-based buffer overflow. 3) A boundary error within nLDAP.exe when processing a LDAP Bind Request packet can be exploited to cause a buffer overflow via a specially crafted packet sent to port 389/TCP. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. SOLUTION: Restrict access to the affected services. PROVIDED AND/OR DISCOVERED BY: 1) An anonymous person via ZDI. 2) An anonymous person via ZDI. 3) Francis Provencher, Protek Research Labs via ZDI. ORIGINAL ADVISORY: IBM: http://www-01.ibm.com/support/docview.wss?uid=swg21461514 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-045/ http://www.zerodayinitiative.com/advisories/ZDI-11-046/ http://www.zerodayinitiative.com/advisories/ZDI-11-047/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 8 18:46:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Feb 2011 03:46:34 +0100 Subject: [SEC] [SA43240] Fedora update for PostgreSQL Message-ID: <201102090246.p192kY3O006108@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for PostgreSQL SECUNIA ADVISORY ID: SA43240 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43240/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43240 RELEASE DATE: 2011-02-09 DISCUSS ADVISORY: http://secunia.com/advisories/43240/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43240/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43240 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for PostgreSQL. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system. For more information: SA43144 SOLUTION: Apply updated packages via the yum utility ("yum update postgresql"). ORIGINAL ADVISORY: FEDORA-2011-0990: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053817.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 8 19:19:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Feb 2011 04:19:17 +0100 Subject: [SEC] [SA43244] HP StorageWorks X9000 Network Storage Systems Security Bypass Vulnerability Message-ID: <201102090319.p193JHAh028236@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: HP StorageWorks X9000 Network Storage Systems Security Bypass Vulnerability SECUNIA ADVISORY ID: SA43244 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43244/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43244 RELEASE DATE: 2011-02-09 DISCUSS ADVISORY: http://secunia.com/advisories/43244/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43244/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43244 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP StorageWorks X9000 Network Storage Systems, which can be exploited by malicious people to bypass certain security features. The vulnerability is caused due to an error that allows accessing accounts with expired passwords without proper authentication. This may be related to: SA40725 The vulnerability is reported all 5.4 versions. SOLUTION: The vendor recommends explicitly disabling the local Administrator account and any lsassd local-provider accounts not in use. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBST02630 SSRT1000385: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02712670 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 8 19:47:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Feb 2011 04:47:38 +0100 Subject: [SEC] [SA43248] Drupal CiviCRM Module Multiple Vulnerabilities Message-ID: <201102090347.p193lcYm017307@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Drupal CiviCRM Module Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43248 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43248/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43248 RELEASE DATE: 2011-02-09 DISCUSS ADVISORY: http://secunia.com/advisories/43248/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43248/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43248 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in the CiviCRM module for Drupal, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system. 1) The application bundles a vulnerable version of Open Flash Chart. For more information: SA37903 2) Input passed via the "defaultPath" parameter to sites/all/modules/civicrm/packages/OpenFlashChart/php-ofc-library/ofc_upload_image.php, via the "class" parameter to sites/all/modules/civicrm/packages/amfphp/browser/details.php, and via the "lang" parameter to sites/all/modules/civicrm/packages/PHPgettext/examples/pigs_dropin.php and to sites/all/modules/civicrm/packages/PHPgettext/examples/pigs_fallback.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 3.3.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: AutoSec Tools: http://www.autosectools.com/Advisories/CiviCRM.3.3.3.Drupal-Joomla_Reflected.Cross-site.Scripting_102.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 8 20:11:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Feb 2011 05:11:56 +0100 Subject: [SEC] [SA43213] Microsoft Office PowerPoint OfficeArt Container Parsing Vulnerability Message-ID: <201102090411.p194BuEI006177@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Microsoft Office PowerPoint OfficeArt Container Parsing Vulnerability SECUNIA ADVISORY ID: SA43213 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43213/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43213 RELEASE DATE: 2011-02-09 DISCUSS ADVISORY: http://secunia.com/advisories/43213/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43213/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43213 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Office PowerPoint, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the parsing of external objects within an OfficeArt container and can be exploited to append an uninitialised object to a list and later dereference it when e.g. closing a specially crafted file. Successful exploitation may allow execution of arbitrary code. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Reported by an anonymous person via ZDI. ORIGINAL ADVISORY: ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-044/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 8 20:46:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Feb 2011 05:46:19 +0100 Subject: [SEC] [SA43220] Ubuntu update for dovecot Message-ID: <201102090446.p194kJsF027906@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Ubuntu update for dovecot SECUNIA ADVISORY ID: SA43220 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43220/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43220 RELEASE DATE: 2011-02-09 DISCUSS ADVISORY: http://secunia.com/advisories/43220/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43220/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43220 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for dovecot. This fixes a weakness and some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions or cause a DoS (Denial of Service). For more information: SA40723 SA41723 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1059-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001243.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 8 21:11:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Feb 2011 06:11:46 +0100 Subject: [SEC] [SA43186] Novell eDirectory NCP Request Handling Denial of Service Message-ID: <201102090511.p195BkmH016846@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Novell eDirectory NCP Request Handling Denial of Service SECUNIA ADVISORY ID: SA43186 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43186/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43186 RELEASE DATE: 2011-02-09 DISCUSS ADVISORY: http://secunia.com/advisories/43186/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43186/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43186 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Novell eDirectory, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the NCP implementation and can be exploited to cause the service to become unresponsive via a specially crafted FileSetLock NCP request. SOLUTION: The vulnerability will reportedly be addressed in versions 8.8.5.6 and 8.8.6.2. PROVIDED AND/OR DISCOVERED BY: 1c239c43f521145fa8385d64a9c32243 via ZDI. ORIGINAL ADVISORY: ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-060/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 8 21:46:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Feb 2011 06:46:17 +0100 Subject: [SEC] [SA43084] Cisco Nexus 1000V Virtual Switch 802.1Q Tagged Packet Denial of Service Message-ID: <201102090546.p195kHV2006160@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Cisco Nexus 1000V Virtual Switch 802.1Q Tagged Packet Denial of Service SECUNIA ADVISORY ID: SA43084 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43084/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43084 RELEASE DATE: 2011-02-09 DISCUSS ADVISORY: http://secunia.com/advisories/43084/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43084/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43084 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco Nexus 1000V, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing 802.1Q tagged packets. This can be exploited to cause a crash when a virtual machine sends a packet on a vEthernet port. The vulnerability is reported in the following products: * Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3b) * Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3a) * Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3) * Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(2) * Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(1) SOLUTION: Update to version 4.0(4) SV1(3c). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco (CSCtj17451): http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_c/release/notes/n1000v_rn.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Feb 8 22:10:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Feb 2011 07:10:34 +0100 Subject: [SEC] [SA43058] HP Power Manager Cross-Site Request Forgery Vulnerability Message-ID: <201102090610.p196AYH8027434@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: HP Power Manager Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA43058 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43058/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43058 RELEASE DATE: 2011-02-09 DISCUSS ADVISORY: http://secunia.com/advisories/43058/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43058/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43058 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Sow Ching Shiong has discovered a vulnerability in HP Power Manager, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. create an arbitrary user with administrative privileges if a logged-in administrative user visits a malicious web site. The vulnerability is confirmed in version 4.3.2. Other versions may also be affected. SOLUTION: Do not browse untrusted sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: Sow Ching Shiong via Secunia. ORIGINAL ADVISORY: HPSBMA02629 SSRT100381: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02711131 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 9 10:29:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Feb 2011 19:29:50 +0100 Subject: [SEC] [SA43117] vBSEO "Title" Script Insertion Vulnerability Message-ID: <201102091829.p19IToU2000950@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: vBSEO "Title" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA43117 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43117/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43117 RELEASE DATE: 2011-02-09 DISCUSS ADVISORY: http://secunia.com/advisories/43117/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43117/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43117 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in vBSEO, which can be exploited by malicious people to conduct script insertion attacks. Input passed via the "Title" field is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires that "refbacks" are enabled. The vulnerability is reported in versions prior to 3.6.0 RC2. SOLUTION: Update to version 3.6.0 RC2 or apply vendor supplied patch. PROVIDED AND/OR DISCOVERED BY: maXe ORIGINAL ADVISORY: vBSEO: http://www.vbseo.com/f5/vbseo-security-bulletin-vbseo-3-6-0-rc2-released-sitemap-3-0-pl1-released-patches-older-versions-available-48065/ maXe: http://www.exploit-db.com/exploits/16076/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 9 11:29:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Feb 2011 20:29:54 +0100 Subject: [SEC] [SA43258] HP-UX CDE Calendar Manager Buffer Overflow Vulnerability Message-ID: <201102091929.p19JTsRc023890@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: HP-UX CDE Calendar Manager Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA43258 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43258/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43258 RELEASE DATE: 2011-02-09 DISCUSS ADVISORY: http://secunia.com/advisories/43258/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43258/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43258 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP-UX, which can be exploited by malicious people to compromise a vulnerable system. For more information see vulnerability #1: SA42984 The vulnerability is reported in versions B.11.23 and B.11.31 running CDE Calendar Manager. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Rodrigo Rubira Branco (BSDaemon) via ZDI. ORIGINAL ADVISORY: HPSBUX02628 SSRT090183: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-062/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 9 12:30:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Feb 2011 21:30:20 +0100 Subject: [SEC] [SA43268] RealPlayer Predictable Temporary Filename Code Execution Vulnerability Message-ID: <201102092030.p19KUK5R014397@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: RealPlayer Predictable Temporary Filename Code Execution Vulnerability SECUNIA ADVISORY ID: SA43268 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43268/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43268 RELEASE DATE: 2011-02-09 DISCUSS ADVISORY: http://secunia.com/advisories/43268/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43268/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43268 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by temporary files that store references to media files having predictable names. This can be exploited in combination with the "OpenURLInPlayerBrowser()" method of a browser plugin to execute the file. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in the following products: * RealPlayer versions 14.0.1 and prior. * RealPlayer Enterprise versions 2.1.4 and prior. SOLUTION: Update to version 14.0.2 and 2.1.5 (build 6.0.12.1830). PROVIDED AND/OR DISCOVERED BY: Eduardo via ZDI. ORIGINAL ADVISORY: RealPlayer: http://service.real.com/realplayer/security/02082011_player/en/ http://docs.real.com/docs/security/SecurityUpdate020811RPE.pdf ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-076/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 9 13:31:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Feb 2011 22:31:15 +0100 Subject: [SEC] [SA43207] Adobe Reader / Acrobat Multiple Vulnerabilities Message-ID: <201102092131.p19LVFbB004899@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43207 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43207/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43207 RELEASE DATE: 2011-02-09 DISCUSS ADVISORY: http://secunia.com/advisories/43207/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43207/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43207 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader / Acrobat, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct cross-site scripting attacks and compromise a user's system. 1) An unspecified error related to library loading can be exploited to execute arbitrary code. 2) An unspecified error can be exploited to corrupt memory. 3) An unspecified error related to file permissions in Windows-based versions can be exploited to gain escalated privileges. 4) An unspecified error may allow code execution. 5) An unspecified error when parsing images can be exploited to corrupt memory. 6) An error in AcroRd32.dll when parsing certain images can be exploited to corrupt memory. 7) An unspecified error in the Macintosh-based versions may allow code execution. 8) An unspecified error related to library loading can be exploited to execute arbitrary code. 9) An unspecified error may allow code execution. 10) A input validation error may allow code execution. 11) An input validation error can be exploited to conduct cross-site scripting attacks. 12) An unspecified error related to library loading can be exploited to execute arbitrary code. 13) An unspecified error can be exploited to corrupt memory. 14) A boundary error when decoding U3D image data in an IFF file can be exploited to cause a buffer overflow. 15) A boundary error when decoding U3D image data in a RGBA file can be exploited to cause a buffer overflow. 16) A boundary error when decoding U3D image data in a BMP file can be exploited to cause a buffer overflow. 17) A boundary error when decoding U3D image data in a PSD file can be exploited to cause a buffer overflow. 18) An input validation error when parsing fonts may allow code execution. 19) A boundary error when decoding U3D image data in a FLI file can be exploited to cause a buffer overflow. 20) An error in 2d.dll when parsing height and width values of RLE_8 compressed BMP files can be exploited to cause a heap-based buffer overflow. 21) An integer overflow in ACE.dll when parsing certain ICC data can be exploited to cause a buffer overflow. 22) A boundary error in rt3d.dll when parsing bits per pixel and number of colors if 4/8-bit RLE compressed BMP files can be exploited to cause a heap-based buffer overflow. 23) An error in the U3D implementation when handling the Parent Node count can be exploited to cause a buffer overflow. 24) A boundary error when processing JPEG files embedded in a PDF file can be exploited to corrupt heap memory. 25) An unspecified error when parsing images may allow code execution. 26) An input validation error can be exploited to conduct cross-site scripting attacks. 27) An unspecified error in the Macintosh-based versions may allow code execution. 28) A boundary error in rt3d.dll when parsing certain files can be exploited to cause a stack-based buffer overflow. 29) An integer overflow in the U3D implementation when parsing a ILBM texture file can be exploited to cause a buffer overflow. 30) Some vulnerabilities are caused due to vulnerabilities in the bundled version of Adobe Flash Player. For more information: SA43267 The vulnerabilities are reported in versions 8.2.5 and prior, 9.4.1 and prior, and 10.0 and prior. SOLUTION: Update to version 8.2.6, 9.4.2, or 10.0.1. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 2) Bing Liu, Fortinet's FortiGuard Labs. 6) Abdullah Ada via ZDI. 8) Haifei Li, Fortinet's FortiGuard Labs. 14 - 17, 19, 20, 22, 29) Peter Vreugdenhil via ZDI. 21) Sebastian Apelt via ZDI. 23) el via ZDI. 14) Sean Larsson, iDefense Labs. 28) An anonymous person via ZDI. The vendor also credits: 1) Mitja Kolsek, ACROS Security. 3) Matthew Pun. 4, 5, 18) Tavis Ormandy, Google Security Team. 7) James Quirk. 9) Brett Gervasoni, Sense of Security. 10) Joe Schatz. 11, 26) Billy Rios, Google Security Team. 12) Greg MacManus, iSIGHT Partners Labs and Parvez Anwar. 13) CESG. 25) Will Dormann, CERT. 27) Marc Schoenefeld, Red Hat Security Response Team. ORIGINAL ADVISORY: Adobe (APSB11-03) http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.adobe.com/support/security/bulletins/apsb11-02.html ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-065/ http://www.zerodayinitiative.com/advisories/ZDI-11-066/ http://www.zerodayinitiative.com/advisories/ZDI-11-067/ http://www.zerodayinitiative.com/advisories/ZDI-11-068/ http://www.zerodayinitiative.com/advisories/ZDI-11-069/ http://www.zerodayinitiative.com/advisories/ZDI-11-070/ http://www.zerodayinitiative.com/advisories/ZDI-11-071/ http://www.zerodayinitiative.com/advisories/ZDI-11-072/ http://www.zerodayinitiative.com/advisories/ZDI-11-073/ http://www.zerodayinitiative.com/advisories/ZDI-11-074/ http://www.zerodayinitiative.com/advisories/ZDI-11-075/ http://www.zerodayinitiative.com/advisories/ZDI-11-077/ FortiGuard Labs: http://www.fortiguard.com/advisory/FGA-2011-06.html iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=891 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 9 14:26:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Feb 2011 23:26:42 +0100 Subject: [SEC] [SA43276] IP.Board Forum Topic Title Security Bypass Message-ID: <201102092226.p19MQgx5027603@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: IP.Board Forum Topic Title Security Bypass SECUNIA ADVISORY ID: SA43276 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43276/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43276 RELEASE DATE: 2011-02-09 DISCUSS ADVISORY: http://secunia.com/advisories/43276/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43276/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43276 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in IP.Board, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to the application not checking for authentication when viewing topic titles, which can be exploited to view topic titles in password protected forums. The security issue is reported in versions prior to 3.1.4. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://community.invisionpower.com/topic/331785-ipboard-30x-31x-security-update-and-mobile-api-update/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 9 14:55:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Feb 2011 23:55:31 +0100 Subject: [SEC] [SA43262] Sun Java JDK / JRE / SDK "doubleValue()" Denial of Service Vulnerability Message-ID: <201102092255.p19MtVhf016674@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Sun Java JDK / JRE / SDK "doubleValue()" Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43262 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43262/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43262 RELEASE DATE: 2011-02-09 DISCUSS ADVISORY: http://secunia.com/advisories/43262/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43262/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43262 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Konstantin Preiber has reported a vulnerability in Sun Java, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the "doubleValue()" method in FloatingDecimal.java when converting "2.2250738585072012e-308" from a string type to a double precision binary floating point and can be exploited to cause an infinite loop. The vulnerability is reported in the following products: * Sun JDK and JRE 6 Update 23 and prior. * Sun JDK 5.0 Update 27 and prior. * Sun SDK 1.4.2_29 and prior. SOLUTION: Apply patch via the FPUpdater tool. PROVIDED AND/OR DISCOVERED BY: Konstantin Preiber ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html Konstantin Preiber: http://www.exploringbinary.com/why-volatile-fixes-the-2-2250738585072011e-308-bug/comment-page-1/#comment-4645 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 9 15:29:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Feb 2011 00:29:48 +0100 Subject: [SEC] [SA43275] Red Hat update for krb5 Message-ID: <201102092329.p19NTmHO006088@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for krb5 SECUNIA ADVISORY ID: SA43275 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43275/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43275 RELEASE DATE: 2011-02-09 DISCUSS ADVISORY: http://secunia.com/advisories/43275/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43275/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43275 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for krb5. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). More information: SA43260 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0200-1: https://rhn.redhat.com/errata/RHSA-2011-0200.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 9 15:48:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Feb 2011 00:48:07 +0100 Subject: [SEC] [SA43278] Ruby on Rails Filter Bypass and SQL Injection Vulnerabilities Message-ID: <201102092348.p19Nm7MI027097@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Ruby on Rails Filter Bypass and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA43278 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43278/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43278 RELEASE DATE: 2011-02-10 DISCUSS ADVISORY: http://secunia.com/advisories/43278/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43278/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43278 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Ruby on Rails, which can be exploited by malicious people to bypass certain security restrictions and conduct SQL injection attacks. 1) The filtering code does not properly work for case insensitive file systems, which can be exploited to bypass the filter by e.g. varying the case in certain action parameters. Note: This only affects deployments on case insensitive file systems. 2) Input passed to the "limit()" function is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in versions 3.0.0 through 3.0.3. SOLUTION: Update to version 3.0.4 or apply patches. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Jan M. Faber, supersaas 2) Eaden McKee, Webforce Ltd ORIGINAL ADVISORY: 1) http://groups.google.com/group/rubyonrails-security/browse_thread/thread/362f1fbc1761b336 2) http://groups.google.com/group/rubyonrails-security/browse_thread/thread/b658902cf6bf4eed OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 9 16:13:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Feb 2011 01:13:36 +0100 Subject: [SEC] [SA43197] FFmpeg Vorbis Decoder Multiple Vulnerabilities Message-ID: <201102100013.p1A0Da5C016040@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: FFmpeg Vorbis Decoder Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43197 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43197/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43197 RELEASE DATE: 2011-02-10 DISCUSS ADVISORY: http://secunia.com/advisories/43197/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43197/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43197 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. The vulnerabilities are caused due to errors within the Vorbis Decoder (libavcodec/vorbis_dec.c) component when processing certain Vorbis files, which can be exploited to e.g. cause cause a crash or memory corruption by tricking a user into opening specially crafted Vorbis files. SOLUTION: Fixed in the GIT repository. PROVIDED AND/OR DISCOVERED BY: gmaxwell and CERT. ORIGINAL ADVISORY: http://roundup.ffmpeg.org/issue2322 http://roundup.ffmpeg.org/issue2548 http://roundup.ffmpeg.org/issue2550 http://git.ffmpeg.org/?p=ffmpeg.git;a=commitdiff;h=3dde66752d59dfdd0f3727efd66e7202b3c75078 http://git.ffmpeg.org/?p=ffmpeg.git;a=commitdiff;h=366d919016a679d3955f6fe5278fa7ce4f47b81e http://git.ffmpeg.org/?p=ffmpeg.git;a=commitdiff;h=13184036a6b1b1d4b61c91118c0896e9ad4634c3 http://git.ffmpeg.org/?p=ffmpeg.git;a=commitdiff;h=925aa96915b8143017cb63418cb709b992c59065 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 9 16:48:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Feb 2011 01:48:49 +0100 Subject: [SEC] [SA43274] Ruby on Rails Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities Message-ID: <201102100048.p1A0mngr005366@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Ruby on Rails Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities SECUNIA ADVISORY ID: SA43274 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43274/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43274 RELEASE DATE: 2011-02-10 DISCUSS ADVISORY: http://secunia.com/advisories/43274/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43274/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43274 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Ruby on Rails, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) Input passed via e.g. the name or email value to the mail_to helper using the :encode => :javascript option is not properly sanitised before being used. This can be exploited to e.g. execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The cross-site request forgery protection does not properly validate AJAX and API requests, which can be exploited to conduct cross-site request forgery attacks by using certain browser plugins and HTTP redirects to send cross-domain HTTP requests with spoofed headers. SOLUTION: Update to version 2.3.11 or 3.0.4 or apply patches. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Brendan Coles, IT Security Solutions and Rick Olson, Github. 2) Felix Gr?bert, Google Security Team ORIGINAL ADVISORY: 1) http://groups.google.com/group/rubyonrails-security/browse_thread/thread/f02a48ede8315f81 2) http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2d95a3cc23e03665 http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 9 17:17:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Feb 2011 02:17:12 +0100 Subject: [SEC] [SA43238] WordPress Multiple Vulnerabilities Message-ID: <201102100117.p1A1HCTr026866@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: WordPress Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43238 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43238/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43238 RELEASE DATE: 2011-02-10 DISCUSS ADVISORY: http://secunia.com/advisories/43238/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43238/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43238 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in WordPress, which can be exploited by malicious users to conduct script insertion attacks and disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks. 1) Input passed via the post title when performing a "Quick Edit" or "Bulk Edit" action and via the "post_status", "comment_status", and "ping_status" parameters is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 2) Certain input passed via tags in the tags meta-box is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation of these vulnerabilities requires the "Author" or "Contributor" role. 3) The application incorrectly enforces user access restrictions when accessing posts via the media uploader and can be exploited to disclose the contents of e.g. private or draft posts. Successful exploitation of this vulnerability requires the "Author" role. The vulnerabilities are reported in versions prior to 3.0.5. SOLUTION: Update to version 3.0.5. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. The vendor also credits Saddy and: 2) Nils Jueneman ORIGINAL ADVISORY: WordPress: http://codex.wordpress.org/Version_3.0.5 http://wordpress.org/news/2011/02/wordpress-3-0-5/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 9 17:46:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Feb 2011 02:46:06 +0100 Subject: [SEC] [SA43273] Red Hat update for krb5 Message-ID: <201102100146.p1A1k6BU015937@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for krb5 SECUNIA ADVISORY ID: SA43273 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43273/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43273 RELEASE DATE: 2011-02-10 DISCUSS ADVISORY: http://secunia.com/advisories/43273/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43273/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43273 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for krb5. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). More information: SA43260 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0199-1: https://rhn.redhat.com/errata/RHSA-2011-0199.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 9 18:11:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Feb 2011 03:11:08 +0100 Subject: [SEC] [SA43260] Kerberos Multiple Denial of Service Vulnerabilities Message-ID: <201102100211.p1A2B80G004833@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Kerberos Multiple Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA43260 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43260/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43260 RELEASE DATE: 2011-02-10 DISCUSS ADVISORY: http://secunia.com/advisories/43260/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43260/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43260 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Kerberos, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) The KDC database propagation daemon (kpropd) listening process does not properly handle the abnormal termination of worker processes, which can be exploited to terminate the daemon by sending specially crafted data. Successful exploitation requires that kpropd runs in standalone mode ("-S" option). The vulnerability is reported in krb5-1.7, krb5-1.8, and krb5-1.9. 2) An error when processing certain Kerberos principal names in the KDC LDAP database back end can lead to file descriptor leaks, which can be exploited to cause KDC to hang by sending specially crafted requests. The vulnerability is reported in krb5-1.6 and later. 3) A NULL pointer dereference error when processing certain Kerberos principal names exists in the KDC LDAP back end, which can be exploited to cause a crash by sending specially crafted requests. The vulnerability is reported in krb5-1.6 and later. 4) A NULL pointer dereference error within the KDC network code can be exploited to cause a crash by sending specially crafted requests packets. The vulnerability is reported in krb5-1.9. SOLUTION: Apply patches. PROVIDED AND/OR DISCOVERED BY: 3) Reported by the vendor. The vendor credits: 1) Keiichi Mori, Red Hat 2) Kevin Longfellow, Oracle 4) Zbysek Mraz, Red Hat ORIGINAL ADVISORY: MIT krb5 Security Advisory 2011-001: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-001.txt MIT krb5 Security Advisory 2011-002: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-002.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 9 18:46:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Feb 2011 03:46:40 +0100 Subject: [SEC] [SA43267] Adobe Flash Player Multiple Vulnerabilities Message-ID: <201102100246.p1A2ken5026621@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Adobe Flash Player Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43267 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43267/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43267 RELEASE DATE: 2011-02-10 DISCUSS ADVISORY: http://secunia.com/advisories/43267/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43267/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43267 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system. 1) An integer overflow error in the ActionScript method of the built-in "Function" class can be exploited to cause a heap-based buffer overflow via specially crafted Flash content. 2) An error in a certain ActionScript method can be exploited to cause a user-supplied value to be used as an object pointer via specially crafted Flash content. 3) An unspecified error can be exploited to corrupt memory. 4) Unspecified errors can be exploited to corrupt memory. 5) Certain libraries are loaded in an insecure manner, which can be exploited to load arbitrary libraries by tricking a user into opening a file located on a remote WebDAV or SMB share. 6) An unspecified error exists within the font-parsing functionality. 7) Improper type checking when constructing a certain ActionScript3 object can be exploited to corrupt memory. 8) An unspecified error can be exploited to corrupt memory. 9) An unspecified error can be exploited to corrupt memory. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in version 10.1.102.64 and prior. SOLUTION: Update to version 10.2.152.26. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) Vitaliy Toropov via iDefense 2) An anonymous person via iDefense. 7) An anonymous person via ZDI. The vendor also credits: 3) Will Dormann, CERT. 4) Bo Qu, Palo Alto Networks. 5) Simon Raner, ACROS Security. 6) Marc Schoenefeld, Red Hat Security Response Team. 8, 9) Tavis Ormandy, Google Security Team. ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/bulletins/apsb11-02.html ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-081/ iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=893 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=894 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 9 19:15:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Feb 2011 04:15:57 +0100 Subject: [SEC] [SA43237] Windows Azure SDK Web Role Session Cookies Disclosure Weakness Message-ID: <201102100315.p1A3FvDR016194@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Windows Azure SDK Web Role Session Cookies Disclosure Weakness SECUNIA ADVISORY ID: SA43237 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43237/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43237 RELEASE DATE: 2011-02-10 DISCUSS ADVISORY: http://secunia.com/advisories/43237/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43237/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43237 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in Windows Azure SDK, which can be exploited by malicious users to disclose potentially sensitive information. The weakness is caused due to an error in the applications that have a "Web Role" deployed. This can be exploited to disclose certain state information from encrypted session cookies. Successful exploitation requires an application to be developed with ASP.NET and using the "Full IIS" feature. The weakness is reported in versions prior to 1.3.20121.1237. SOLUTION: Update to version 1.3.20121.1237 (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://blogs.msdn.com/b/windowsazure/archive/2011/02/03/windows-azure-software-development-kit-sdk-refresh-released.aspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 9 19:45:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Feb 2011 04:45:02 +0100 Subject: [SEC] [SA43200] CA Secure Content Manager Common Services Transport Vulnerability Message-ID: <201102100345.p1A3j24u005277@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: CA Secure Content Manager Common Services Transport Vulnerability SECUNIA ADVISORY ID: SA43200 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43200/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43200 RELEASE DATE: 2011-02-10 DISCUSS ADVISORY: http://secunia.com/advisories/43200/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43200/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43200 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in CA Secure Content Manager, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to missing input validation in the eTrust Common Services Transport (ECSQdmn.exe) service when parsing requests and can be exploited to cause a heap-based buffer overflow via a specially crafted request sent to port 1882. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in the following products: * CA Secure Content Manager version 8.0. * CA Gateway Security version 8.1. SOLUTION: Restrict access to the affected service. PROVIDED AND/OR DISCOVERED BY: Sebastian Apelt via ZDI. ORIGINAL ADVISORY: ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-059/ CA: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={EE6F16E1-6E05-4890-A739-2B9F745C721F} OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 9 20:10:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Feb 2011 05:10:00 +0100 Subject: [SEC] [SA43222] IBM Lotus Notes "cai" URI Handler Vulnerability Message-ID: <201102100410.p1A4A0HF026581@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: IBM Lotus Notes "cai" URI Handler Vulnerability SECUNIA ADVISORY ID: SA43222 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43222/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43222 RELEASE DATE: 2011-02-10 DISCUSS ADVISORY: http://secunia.com/advisories/43222/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43222/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43222 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM Lotus Notes, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the "cai" URI handler allowing the launch of rcplauncher.exe with arbitrary command line arguments. This can be exploited to load arbitrary libraries via the "--launcher.library" argument e.g. by tricking the user into visiting a specially crafted web site or following a specially crafted link. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in the following versions: * IBM Lotus Notes versions prior to 8.0.2 Fix Pack 6. * IBM Lotus Notes versions prior to 8.5.1 Fix Pack 5. * IBM Lotus Notes versions prior to 8.5.2. SOLUTION: Update to version 8.0.2 FP6, 8.5.1 FP5, or 8.5.2. PROVIDED AND/OR DISCOVERED BY: rgod via ZDI. ORIGINAL ADVISORY: IBM: http://www-01.ibm.com/support/docview.wss?uid=swg21461514 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-051/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 9 20:23:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Feb 2011 05:23:48 +0100 Subject: [SEC] [SA43219] Check Point Endpoint Security / Integrity Server Information Disclosure Security Issue Message-ID: <201102100423.p1A4NmhR014991@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Check Point Endpoint Security / Integrity Server Information Disclosure Security Issue SECUNIA ADVISORY ID: SA43219 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43219/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43219 RELEASE DATE: 2011-02-10 DISCUSS ADVISORY: http://secunia.com/advisories/43219/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43219/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43219 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: HD Moore has reported a security issue in Check Point Endpoint Security and Integrity Server, which can be exploited by malicious people to disclose potentially sensitive information. The security issue is caused due to the "conf" and "bin" directories in the web root not being properly restricted. This can be exploited to disclose e.g. private SSL keys and configuration files by directly accessing the web directories. The security issue is reported in the following products: * Endpoint Security Server versions R71, R72, and R73. * Integrity Server version 7.x SOLUTION: Apply hotifxes. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: HD Moore, Rapid7. ORIGINAL ADVISORY: CheckPoint: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk57881 HD Moore: http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0117.html http://www.rapid7.com/security-center/advisories/R7-0038.jsp OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 9 20:44:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Feb 2011 05:44:51 +0100 Subject: [SEC] [SA43247] IBM Lotus Domino SMTP Service "Filename" Buffer Overflow Message-ID: <201102100444.p1A4ipbE003695@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: IBM Lotus Domino SMTP Service "Filename" Buffer Overflow SECUNIA ADVISORY ID: SA43247 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43247/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43247 RELEASE DATE: 2011-02-10 DISCUSS ADVISORY: http://secunia.com/advisories/43247/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43247/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43247 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM Lotus Domino, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the SMTP service when parsing the "filename" parameter in e-mail messages. This can be exploited to cause a buffer overflow via a specially crafted message containing multiple "filename" parameters. Successful exploitation may allow execution of arbitrary code. SOLUTION: Restrict access to the SMTP service. ORIGINAL ADVISORY: IBM: http://www-01.ibm.com/support/docview.wss?uid=swg21461514 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-049/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 9 21:10:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Feb 2011 06:10:53 +0100 Subject: [SEC] [SA43228] Joomla! CiviCRM Component Multiple Vulnerabilities Message-ID: <201102100510.p1A5ArZr025054@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Joomla! CiviCRM Component Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43228 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43228/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43228 RELEASE DATE: 2011-02-10 DISCUSS ADVISORY: http://secunia.com/advisories/43228/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43228/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43228 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in the CiviCRM component for Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system. 1) The application bundles a vulnerable version of Open Flash Chart. For more information: SA37903 2) Input passed via the "defaultPath" parameter to administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/php-ofc-library/ofc_upload_image.php, via the "lang" parameter to administrator/components/com_civicrm/civicrm/packages/PHPgettext/examples/pigs_dropin.php and administrator/components/com_civicrm/civicrm/packages/PHPgettext/examples/pigs_fallback.php and via the "class" parameter to administrator/components/com_civicrm/civicrm/packages/amfphp/browser/details.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 3.3.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: AutoSec Tools: http://www.autosectools.com/Advisories/CiviCRM.3.3.3.Drupal-Joomla_Reflected.Cross-site.Scripting_102.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 9 21:44:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Feb 2011 06:44:38 +0100 Subject: [SEC] [SA43235] PHP-Fusion Auto Database System Module "SEARCHSTRING" SQL Injection Vulnerability Message-ID: <201102100544.p1A5ic8U014357@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: PHP-Fusion Auto Database System Module "SEARCHSTRING" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43235 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43235/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43235 RELEASE DATE: 2011-02-10 DISCUSS ADVISORY: http://secunia.com/advisories/43235/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43235/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43235 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Auto Database System module for PHP-Fusion, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "SEARCHSTRING" POST parameter to infusions/car_list_panel/search.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerability is confirmed in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Saif El -Sherei OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 9 22:09:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Feb 2011 07:09:57 +0100 Subject: [SEC] [SA43231] Microsoft Office Excel OfficeArt Container Parsing Vulnerability Message-ID: <201102100609.p1A69vt9003265@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Microsoft Office Excel OfficeArt Container Parsing Vulnerability SECUNIA ADVISORY ID: SA43231 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43231/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43231 RELEASE DATE: 2011-02-10 DISCUSS ADVISORY: http://secunia.com/advisories/43231/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43231/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43231 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when encountering an error while parsing OfficeArt containers. This can be exploited to dereference an invalid object via a specially crafted file. Successful exploitation may allow execution of arbitrary code. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Reported by an anonymous person via ZDI. ORIGINAL ADVISORY: ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-041/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 10 10:31:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Feb 2011 19:31:39 +0100 Subject: [SEC] [SA43296] IBM WebSphere Application Server Java Denial of Service Vulnerability Message-ID: <201102101831.p1AIVdrE018618@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: IBM WebSphere Application Server Java Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43296 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43296/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43296 RELEASE DATE: 2011-02-10 DISCUSS ADVISORY: http://secunia.com/advisories/43296/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43296/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43296 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a vulnerability in IBM WebSphere Application Server, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a vulnerability in the bundled version of IBM Java. For more information: SA43295 The vulnerability is reported in versions 6.1.0.35 and prior. SOLUTION: Apply Interim Fix for APAR PM32177. ORIGINAL ADVISORY: IBM (PM32177): http://www.ibm.com/support/docview.wss?uid=swg24029090 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 10 11:30:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Feb 2011 20:30:54 +0100 Subject: [SEC] [SA43259] Model Agentur Products "id" SQL Injection Vulnerability Message-ID: <201102101930.p1AJUsmx009057@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Model Agentur Products "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43259 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43259/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43259 RELEASE DATE: 2011-02-10 DISCUSS ADVISORY: http://secunia.com/advisories/43259/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43259/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43259 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Model Agentur products, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the "id" parameter to index.php (when "page" is set to "setcard") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: NoNameMT OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 10 12:31:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Feb 2011 21:31:14 +0100 Subject: [SEC] [SA43245] UMI.CMS Cross-Site Request Forgery Vulnerability Message-ID: <201102102031.p1AKVE8s031943@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: UMI.CMS Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA43245 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43245/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43245 RELEASE DATE: 2011-02-10 DISCUSS ADVISORY: http://secunia.com/advisories/43245/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43245/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43245 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in UMI.CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without making proper validity checks to verify the requests. This can be exploited to e.g. add an administrative user by tricking an administrator into visiting a malicious web site while being logged-in to the application. The vulnerability is confirmed in version 2.8.2. Other versions may also be affected. SOLUTION: Do not browse untrusted web sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22812: http://www.htbridge.ch/advisory/xsrf_csrf_in_umi_cms.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 10 13:31:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Feb 2011 22:31:00 +0100 Subject: [SEC] [SA43295] IBM Java "doubleValue()" Denial of Service Vulnerability Message-ID: <201102102131.p1ALV0Ga022416@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: IBM Java "doubleValue()" Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43295 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43295/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43295 RELEASE DATE: 2011-02-10 DISCUSS ADVISORY: http://secunia.com/advisories/43295/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43295/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43295 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a vulnerability in IBM Java, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43262 SOLUTION: Apply APAR IZ94331 or update to version 5.0.0 SR12 Fix Pack 4 when available. ORIGINAL ADVISORY: IBM (IZ94331): http://www.ibm.com/support/docview.wss?uid=swg1IZ94331 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 10 14:26:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Feb 2011 23:26:57 +0100 Subject: [SEC] [SA43281] Novell iPrint Server LPD Unspecified Code Execution Vulnerability Message-ID: <201102102226.p1AMQvGN012716@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Novell iPrint Server LPD Unspecified Code Execution Vulnerability SECUNIA ADVISORY ID: SA43281 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43281/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43281 RELEASE DATE: 2011-02-10 DISCUSS ADVISORY: http://secunia.com/advisories/43281/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43281/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43281 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Novell Open Enterprise Server, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified error in the iPrint LPD component. No further information is currently available. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in versions 2.0.2 and 2.0.3. SOLUTION: Apply patch. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Francis Provencher of Protek Research Lab, via ZDI. ORIGINAL ADVISORY: http://www.novell.com/support/viewContent.do?externalId=7007858 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 10 14:57:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Feb 2011 23:57:36 +0100 Subject: [SEC] [SA43201] stunnel File Descriptor Leak Security Issue Message-ID: <201102102257.p1AMvaSX001805@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: stunnel File Descriptor Leak Security Issue SECUNIA ADVISORY ID: SA43201 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43201/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43201 RELEASE DATE: 2011-02-10 DISCUSS ADVISORY: http://secunia.com/advisories/43201/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43201/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43201 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in stunnel, which can be exploited by malicious, local users to disclose certain system information. The security issue is caused due to a race condition within the handling of file descriptors in combination with FD_CLOEXEC, which can result in privileged file descriptors being leaked. This is related to: SA9691 SOLUTION: The security issue is fixed in version 4.35 on systems running Linux Kernel version 2.6.28 or later and glibc 2.10 or later. However, this may still be an issue on other UNIX-like systems. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.stunnel.org/?page=sdf_ChangeLog OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 10 15:32:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Feb 2011 00:32:43 +0100 Subject: [SEC] [SA43230] Django Multiple Vulnerabilities Message-ID: <201102102332.p1ANWhi5023724@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Django Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43230 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43230/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43230 RELEASE DATE: 2011-02-11 DISCUSS ADVISORY: http://secunia.com/advisories/43230/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43230/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43230 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Django, which can be exploited by malicious people to bypass certain security restrictions and conduct script insertion and cross-site request forgery attacks. 1) The cross-site request forgery protection does not properly verify requests with certain "X-Requested-With" headers, which can be exploited to conduct cross-site request forgery attacks by using certain browser plugins and HTTP redirects to send cross-domain HTTP requests with spoofed headers. 2) Input passed via the filename of uploaded files is not properly sanitised within the file field before being used. This can be exploited to insert HTML and script code, which will executed in a user's browser session in context of an affected site if malicious data is viewed. Successful exploitation requires that a file-storage backend that does not properly sanitise the file name is used (no default file-storage backends are affected). 3) The file-based session storage system does not properly sanitise the key submitted in the session cookie, which can be exploited to conduct directory traversal attacks. Note: This only affects deployments on systems using path separators other than specified in Python's "os.path.sep" (e.g. Windows systems). SOLUTION: Update to version 1.1.4 or 1.2.5 or apply patches. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Michael Koziarski 2) e.generalov 3) Paul McMillan ORIGINAL ADVISORY: http://www.djangoproject.com/weblog/2011/feb/08/security/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 10 16:00:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Feb 2011 01:00:28 +0100 Subject: [SEC] [SA43217] CGI:IRC "R" Cross-Site Scripting Vulnerability Message-ID: <201102110000.p1B00Sgk012750@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: CGI:IRC "R" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43217 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43217/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43217 RELEASE DATE: 2011-02-11 DISCUSS ADVISORY: http://secunia.com/advisories/43217/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43217/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43217 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in CGI:IRC, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "R" parameter in the "nonjs" interface (interfaces/nonjs.pm) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 0.5.10. SOLUTION: Update to version 0.5.10. PROVIDED AND/OR DISCOVERED BY: The vendor credits Michael Brooks. ORIGINAL ADVISORY: http://sourceforge.net/mailarchive/message.php?msg_id=27024589 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 10 16:27:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Feb 2011 01:27:07 +0100 Subject: [SEC] [SA43292] Red Hat update for flash-plugin Message-ID: <201102110027.p1B0R7Qn001674@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for flash-plugin SECUNIA ADVISORY ID: SA43292 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43292/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43292 RELEASE DATE: 2011-02-11 DISCUSS ADVISORY: http://secunia.com/advisories/43292/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43292/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43292 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for flash-plugin. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA43267 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0206-01: https://rhn.redhat.com/errata/RHSA-2011-0206.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 10 16:48:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Feb 2011 01:48:10 +0100 Subject: [SEC] [SA43288] Avaya CMS Solaris TCP Implementation Denial of Service Vulnerabilities Message-ID: <201102110048.p1B0mAqZ022860@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Avaya CMS Solaris TCP Implementation Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA43288 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43288/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43288 RELEASE DATE: 2011-02-11 DISCUSS ADVISORY: http://secunia.com/advisories/43288/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43288/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43288 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Avaya has acknowledged some vulnerabilities in Avaya Call Management System (CMS), which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA36668 The vulnerabilities are reported in versions R14, R14.1, and R15. SOLUTION: The vendor recommends that network access to the affected systems be restricted until an update is available. ORIGINAL ADVISORY: ASA-2009-427: https://support.avaya.com/css/P8/documents/100065799 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 10 17:18:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Feb 2011 02:18:00 +0100 Subject: [SEC] [SA43271] Pidgin Cipher API Information Disclosure Security Issue Message-ID: <201102110118.p1B1I0FS011994@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Pidgin Cipher API Information Disclosure Security Issue SECUNIA ADVISORY ID: SA43271 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43271/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43271 RELEASE DATE: 2011-02-11 DISCUSS ADVISORY: http://secunia.com/advisories/43271/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43271/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43271 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some security issues have been reported in Pidgin, which can be exploited by malicious, local users to disclose potentially sensitive information. The security issues are caused due to the "md5_uninit()", "md4_uninit()", "des_uninit()", "des3_uninit()", "rc4_uninit()", and "purple_cipher_context_destroy()" functions in libpurple/cipher.c not properly clearing certain sensitive structures prior to freeing them, which can lead to potentially sensitive information remaining in memory. The security issues are reported in versions prior to 2.7.10. SOLUTION: Update to version 2.7.10. PROVIDED AND/OR DISCOVERED BY: The vendor credits Julia Lawall. ORIGINAL ADVISORY: http://www.pidgin.im/news/security/?id=50 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 10 17:46:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Feb 2011 02:46:05 +0100 Subject: [SEC] [SA43190] IDA Pro Mach-O Loader Buffer Overflow Vulnerability Message-ID: <201102110146.p1B1k5CG000971@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: IDA Pro Mach-O Loader Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA43190 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43190/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43190 RELEASE DATE: 2011-02-11 DISCUSS ADVISORY: http://secunia.com/advisories/43190/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43190/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43190 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IDA Pro, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when loading Mac OS X Mach-O files and can be exploited to cause a buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code, but requires tricking a user into loading a malicious file. The vulnerability is reported in versions 5.7 and 6.0. SOLUTION: Apply fix. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Stefan Esser. ORIGINAL ADVISORY: https://www.hex-rays.com/machofix.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 10 18:12:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Feb 2011 03:12:12 +0100 Subject: [SEC] [SA43270] Debian update for cgiirc Message-ID: <201102110212.p1B2CCSU022377@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for cgiirc SECUNIA ADVISORY ID: SA43270 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43270/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43270 RELEASE DATE: 2011-02-11 DISCUSS ADVISORY: http://secunia.com/advisories/43270/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43270/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43270 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued a fix for cgiirc. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks. More information: SA43217 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2158-1: http://lists.debian.org/debian-security-announce/2011/msg00023.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 10 18:46:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Feb 2011 03:46:21 +0100 Subject: [SEC] [SA43236] SUSE update for Multiple Packages Message-ID: <201102110246.p1B2kLr8011693@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SUSE update for Multiple Packages SECUNIA ADVISORY ID: SA43236 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43236/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43236 RELEASE DATE: 2011-02-11 DISCUSS ADVISORY: http://secunia.com/advisories/43236/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43236/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43236 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for multiple packages. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct HTTP response splitting and cross-site scripting attacks, disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system. For more information: SA37291 SA42337 SA42443 SA42461 SA42659 SA43006 SA43023 SA43135 1) An error exists in the REST api within the opensuse build service, which does not properly check for access restrictions when logging in. This can be exploited to log in to an "unconfirmed" account. SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SR:2011:003: http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00001.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 10 19:16:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Feb 2011 04:16:30 +0100 Subject: [SEC] [SA43202] HP Data Protector Client and Cell Manager Multiple Vulnerabilities Message-ID: <201102110316.p1B3GURd001252@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: HP Data Protector Client and Cell Manager Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43202 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43202/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43202 RELEASE DATE: 2011-02-11 DISCUSS ADVISORY: http://secunia.com/advisories/43202/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43202/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43202 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in HP Data Protector, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system. 1) An error in the client within the omni_chk_ds.sh script when processing the "EXEC_CMD" command can be exploited to provide and execute a malicious script file. 2) An input validation error in the client when processing the "EXEC_CMD" command to execute files in the local bin directory can be exploited to interact with a Perl interpreter via specially crafted input. 3) An error in the client when processing the "EXEC_SETUP" command to download and execute a setup file can be exploited to execute an arbitrary file. Successful exploitation of these vulnerabilities may allow execution of arbitrary code, but may require tricking a client into connecting to a malicious server. 4) An error in the Cell Manager Service (crs.exe) when validating the username, domain, and hostname credentials can be exploited to gain administrative access to the management server. Successful exploitation of this vulnerability may allow execution of arbitrary code on all clients managed by the Cell manager. The vulnerabilities are reported in version A.06.00 (build PHSS_36622 / PHSS_36623 / DPSOL_00294 / DPLNX_00029 and DPWIN_00384). SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: An anonymous person via ZDI. ORIGINAL ADVISORY: ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-054/ http://www.zerodayinitiative.com/advisories/ZDI-11-055/ http://www.zerodayinitiative.com/advisories/ZDI-11-056/ http://www.zerodayinitiative.com/advisories/ZDI-11-057/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 10 19:44:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Feb 2011 04:44:55 +0100 Subject: [SEC] [SA43021] Google Chrome Multiple Vulnerabilities Message-ID: <201102110344.p1B3itRH022762@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43021 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43021/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43021 RELEASE DATE: 2011-02-11 DISCUSS ADVISORY: http://secunia.com/advisories/43021/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43021/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43021 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to compromise a user's system. 1) The application bundles a vulnerable version of the Flash plugin For more information: SA43267 2) An error related to a stale pointer exists within the animation event handling 3) A use-after-free error exists the handling of SVG font faces. 4) An error related to a stale pointer exists within the anonymous block handling. 5) Errors within the plugin handling can be exploited to cause out-of-bounds reads. 6) Processes may not always properly terminate in case of an out-of-memory condition. The vulnerabilities are reported in versions prior to 9.0.597.94. SOLUTION: Update to version 9.0.597.94. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 2) Rik Cabanier 3) miaubiz 4) Martin Barbella 5) Bill Budge, Google 6) David Warren, CERT/CC. ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 10 20:09:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Feb 2011 05:09:48 +0100 Subject: [SEC] [SA43253] Microsoft Windows LSASS Authentication Request Privilege Escalation Vulnerability Message-ID: <201102110409.p1B49mOC011672@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Microsoft Windows LSASS Authentication Request Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA43253 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43253/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43253 RELEASE DATE: 2011-02-11 DISCUSS ADVISORY: http://secunia.com/advisories/43253/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43253/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43253 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to a length validation error in the Local Security Authority Subsystem Service (LSASS) when processing certain values and can be exploited via a specially crafted authentication request. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Jorge Moura, Primavera BSS. ORIGINAL ADVISORY: MS11-014 (KB2478960): http://www.microsoft.com/technet/security/Bulletin/MS11-014.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 10 20:24:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Feb 2011 05:24:46 +0100 Subject: [SEC] [SA43257] Microsoft Windows Kerberos Authentication Encryption Downgrade Vulnerability Message-ID: <201102110424.p1B4OkbR032502@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Kerberos Authentication Encryption Downgrade Vulnerability SECUNIA ADVISORY ID: SA43257 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43257/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43257 RELEASE DATE: 2011-02-11 DISCUSS ADVISORY: http://secunia.com/advisories/43257/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43257/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43257 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the Kerberos implementation when performing authentication. This can be exploited to downgrade encryption to DES instead of other stronger standards, which may lead to impersonating another user or forging Kerberos traffic via Man-in-the-Middle (MitM) attacks. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Scott Stender, iSEC Partners. ORIGINAL ADVISORY: MS11-013 (KB2425227): http://www.microsoft.com/technet/security/Bulletin/MS11-013.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 10 20:45:04 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Feb 2011 05:45:04 +0100 Subject: [SEC] [SA43255] Microsoft Windows win32k.sys Driver Privilege Escalation Vulnerabilities Message-ID: <201102110445.p1B4j4c7021202@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Microsoft Windows win32k.sys Driver Privilege Escalation Vulnerabilities SECUNIA ADVISORY ID: SA43255 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43255/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43255 RELEASE DATE: 2011-02-11 DISCUSS ADVISORY: http://secunia.com/advisories/43255/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43255/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43255 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges. 1) An error in the Win32k kernel-mode driver (win32k.sys) when validating input passed from user mode can be exploited to execute arbitrary code in kernel-mode. 2) An error in the Win32k kernel-mode driver (win32k.sys) when validating input passed from user mode can be exploited to execute arbitrary code in kernel-mode. 3) A validation error in the Win32k kernel-mode driver (win32k.sys) when handling window class pointers can be exploited to execute arbitrary code in kernel-mode. 4) A validation error in the Win32k kernel-mode driver (win32k.sys) when handling window class pointers can be exploited to execute arbitrary code in kernel-mode. 5) An error in the Win32k kernel-mode driver (win32k.sys) when validating input passed from user mode can be exploited to corrupt memory. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Tarjei Mandt, Norman. ORIGINAL ADVISORY: MS11-012 (KB2479628) http://www.microsoft.com/technet/security/bulletin/ms11-012.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 10 21:10:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Feb 2011 06:10:47 +0100 Subject: [SEC] [SA43227] OpenSSL ClientHello Handshake Message Parsing Vulnerability Message-ID: <201102110510.p1B5AlNx010139@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: OpenSSL ClientHello Handshake Message Parsing Vulnerability SECUNIA ADVISORY ID: SA43227 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43227/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43227 RELEASE DATE: 2011-02-11 DISCUSS ADVISORY: http://secunia.com/advisories/43227/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43227/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43227 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in OpenSSL, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service). The vulnerability is caused due to an error when parsing certain malformed ClientHello handshake messages, which can be exploited to e.g. trigger an invalid memory access by sending specially crafted ClientHello handshake messages to the server. Depending upon the application, this may also lead to the disclosure of e.g. contents of parsed OCSP (Online Certificate Status Protocol) extensions. Note: This only affects servers using the "SSL_CTX_set_tlsext_status_cb()" function on their SSL_CTX (e.g. Apache httpd version 2.3.3 or later). The vulnerability is reported in versions 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c. SOLUTION: Update to version 0.9.8r or 1.0.0d or apply the patch. PROVIDED AND/OR DISCOVERED BY: The vendor credits Neel Mehta, Google. ORIGINAL ADVISORY: http://www.openssl.org/news/secadv_20110208.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 10 21:46:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Feb 2011 06:46:33 +0100 Subject: [SEC] [SA43251] Microsoft Windows Kerberos Unkeyed Checksum Privilege Escalation Vulnerability Message-ID: <201102110546.p1B5kX7r031917@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Kerberos Unkeyed Checksum Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA43251 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43251/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43251 RELEASE DATE: 2011-02-11 DISCUSS ADVISORY: http://secunia.com/advisories/43251/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43251/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43251 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the Kerberos implementation supporting a weak hashing mechanism (e.g. CRC32). This can be exploited to forge a service ticket and obtain a token with elevated privileges. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits the MIT Kerberos Team. ORIGINAL ADVISORY: MS11-013 (KB2478971): http://www.microsoft.com/technet/security/Bulletin/MS11-013.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 10 22:10:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Feb 2011 07:10:24 +0100 Subject: [SEC] [SA43254] Microsoft Visio Two Memory Corruption Vulnerabilities Message-ID: <201102110610.p1B6AOBs020768@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Microsoft Visio Two Memory Corruption Vulnerabilities SECUNIA ADVISORY ID: SA43254 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43254/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43254 RELEASE DATE: 2011-02-11 DISCUSS ADVISORY: http://secunia.com/advisories/43254/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43254/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43254 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Microsoft Visio, which can be exploited by malicious people to compromise a user's system. 1) An error in ormelems.dll when parsing the VisioDocument stream can be exploited to dereference an object that has not been completely initialised via a specially crafted Visio file. 2) An error in elements.dll when parsing certain structures can be exploited to corrupt memory via a specially crafted Visio file. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) Procyun via ZDI The vendor also credits: 1,2) Xin Ouyang, Palo Alto Networks. ORIGINAL ADVISORY: MS11-008 (KB2451879, KB2434711, KB2434733, KB2434737): http://www.microsoft.com/technet/security/bulletin/ms11-008.mspx ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-063/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 11 10:31:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Feb 2011 19:31:08 +0100 Subject: [SEC] [SA43312] VMware ESX Server / ESXi OpenSSL Vulnerabilities Message-ID: <201102111831.p1BIV8Wg009473@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: VMware ESX Server / ESXi OpenSSL Vulnerabilities SECUNIA ADVISORY ID: SA43312 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43312/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43312 RELEASE DATE: 2011-02-11 DISCUSS ADVISORY: http://secunia.com/advisories/43312/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43312/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43312 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: VMware has acknowledged some vulnerabilities in VMware ESX Server / ESXi, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA40906 SA42243 SOLUTION: Apply patches if available. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: VMSA-2011-0003: http://www.vmware.com/security/advisories/VMSA-2011-0003.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 11 11:30:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Feb 2011 20:30:33 +0100 Subject: [SEC] [SA43315] VMware ESX Server Multiple Kernel Vulnerabilities Message-ID: <201102111930.p1BJUX9W032323@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: VMware ESX Server Multiple Kernel Vulnerabilities SECUNIA ADVISORY ID: SA43315 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43315/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43315 RELEASE DATE: 2011-02-11 DISCUSS ADVISORY: http://secunia.com/advisories/43315/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43315/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43315 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: VMware has acknowledged some security issues and vulnerabilities in VMware ESX Server, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, disclose potentially sensitive information, conduct DNS cache poisoning attacks, and gain escalated privileges, and by malicious people to cause a DoS. For more information: SA37658 SA38133 SA38229 SA38317 SA38354 SA38499 SA38502 SA38594 SA38718 SA39982 SA40205 SA40691 SA41321 SA41462 SOLUTION: Apply patches if available. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: VMSA-2011-0003: http://www.vmware.com/security/advisories/VMSA-2011-0003.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 11 12:31:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Feb 2011 21:31:12 +0100 Subject: [SEC] [SA43308] VMware vCenter / ESX Server Update for Oracle (Sun) JRE Message-ID: <201102112031.p1BKVCr8022839@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: VMware vCenter / ESX Server Update for Oracle (Sun) JRE SECUNIA ADVISORY ID: SA43308 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43308/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43308 RELEASE DATE: 2011-02-11 DISCUSS ADVISORY: http://secunia.com/advisories/43308/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43308/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43308 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: VMware has issued an update for the Oracle (Sun) JRE. This fixes some vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, disclose potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system. For more information: SA37255 SOLUTION: Update to a fixed version or apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: VMSA-2011-0003: http://www.vmware.com/security/advisories/VMSA-2011-0003.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 11 13:30:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Feb 2011 22:30:57 +0100 Subject: [SEC] [SA43291] SUSE update for kernel Message-ID: <201102112130.p1BLUvvu013299@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SUSE update for kernel SECUNIA ADVISORY ID: SA43291 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43291/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43291 RELEASE DATE: 2011-02-11 DISCUSS ADVISORY: http://secunia.com/advisories/43291/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43291/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43291 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, cause a DoS (Denial of Service), disclose certain system information, disclose sensitive information, and potentially gain escalated privileges and by malicious people to cause a DoS (Denial of Service). For more information: SA40965 SA41284 SA41440 SA41493 SA41650 SA42035 SA42094 SA42684 SA42765 SA43056 1) An error within the Econet protocol implementation can be exploited to cause a crash by sending Acorn Universal Networking packets over UDP. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SUSE-SA:2011:008: http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 11 14:26:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Feb 2011 23:26:10 +0100 Subject: [SEC] [SA42069] PHPXref "nav.html" Cross-Site Scripting Vulnerability Message-ID: <201102112226.p1BMQAIm003542@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: PHPXref "nav.html" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42069 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42069/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42069 RELEASE DATE: 2011-02-11 DISCUSS ADVISORY: http://secunia.com/advisories/42069/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42069/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42069 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: MustLive has discovered a vulnerability in PHPXref, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to nav.html is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 0.7. Prior versions may also be affected. SOLUTION: Update to version 0.7.1 PROVIDED AND/OR DISCOVERED BY: MustLive ORIGINAL ADVISORY: http://websecurity.com.ua/4795/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 11 14:55:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Feb 2011 23:55:08 +0100 Subject: [SEC] [SA43305] RunCMS "timezone_offset" SQL Injection Vulnerability Message-ID: <201102112255.p1BMt8xg025045@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: RunCMS "timezone_offset" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43305 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43305/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43305 RELEASE DATE: 2011-02-11 DISCUSS ADVISORY: http://secunia.com/advisories/43305/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43305/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43305 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in RunCMS, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "timezone_offset" POST parameter to register.php (when the "op" POST parameter is set to "finish") is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerability is confirmed in version 2.2.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22820: http://www.htbridge.ch/advisory/sql_injection_in_runcms.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 11 15:29:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Feb 2011 00:29:38 +0100 Subject: [SEC] [SA43261] Apache Continuum Cross-Site Scripting and Request Forgery Vulnerabilities Message-ID: <201102112329.p1BNTc6Y014476@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Apache Continuum Cross-Site Scripting and Request Forgery Vulnerabilities SECUNIA ADVISORY ID: SA43261 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43261/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43261 RELEASE DATE: 2011-02-11 DISCUSS ADVISORY: http://secunia.com/advisories/43261/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43261/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43261 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Apache Continuum, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks. 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. change the administrator's credentials when a logged-in administrator visits a specially crafted web page. The vulnerabilities are reported in versions prior to 1.3.7. SOLUTION: Update to version 1.3.7. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Tal Be'ery, Imperva 2) Anatolia Security Research Group ORIGINAL ADVISORY: Apache Continuum: http://continuum.apache.org/security.html 1) http://mail-archives.apache.org/mod_mbox/continuum-users/201102.mbox/%3C981C0A79-5B7B-4053-84CC-3217870BE360 at apache.org%3E 2) http://mail-archives.apache.org/mod_mbox/continuum-users/201102.mbox/%3C032C189E-D821-4833-A8F2-F72365147695 at apache.org%3E OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 11 15:48:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Feb 2011 00:48:23 +0100 Subject: [SEC] [SA43241] ManageEngine ADSelfService Plus Cross-Site Scripting and Security Bypass Message-ID: <201102112348.p1BNmNuN003075@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: ManageEngine ADSelfService Plus Cross-Site Scripting and Security Bypass SECUNIA ADVISORY ID: SA43241 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43241/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43241 RELEASE DATE: 2011-02-12 DISCUSS ADVISORY: http://secunia.com/advisories/43241/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43241/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43241 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Core Security Technologies has reported multiple vulnerabilities in ManageEngine ADSelfService Plus, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions. 1) An error in the password reset mechanism can be exploited to bypass the security questions and change an arbitrary user's password by visiting the accounts/ResetResult page directly. 2) Input passed to the "searchString" parameter in EmployeeSearch.cc (when "actionId" is set to "showList" or "Search") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. NOTE: Additionally, a weakness exists in the security question verification mechanism and can be exploited to reduce the number of required questions and disable the captcha verification, which may allow answering a question via a brute force attack. The vulnerabilities are reported in version 4.4. Other versions may also be affected. SOLUTION: Reportedly fixed in version 4.5 Build 4500. Contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: Ernesto Alvarez, Core Security Technologies. ORIGINAL ADVISORY: CORE-2011-0103: http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 11 16:14:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Feb 2011 01:14:09 +0100 Subject: [SEC] [SA43243] Ubuntu update for exim4 Message-ID: <201102120014.p1C0E9qu024437@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Ubuntu update for exim4 SECUNIA ADVISORY ID: SA43243 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43243/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43243 RELEASE DATE: 2011-02-12 DISCUSS ADVISORY: http://secunia.com/advisories/43243/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43243/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43243 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for exim4. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to compromise a vulnerable system. For more information: SA40019 SA42625 SA43101 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1060-1: http://www.ubuntu.com/usn/usn-1060-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 11 16:47:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Feb 2011 01:47:57 +0100 Subject: [SEC] [SA43286] Slackware update for openssl Message-ID: <201102120047.p1C0lv5V013739@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Slackware update for openssl SECUNIA ADVISORY ID: SA43286 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43286/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43286 RELEASE DATE: 2011-02-12 DISCUSS ADVISORY: http://secunia.com/advisories/43286/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43286/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43286 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Slackware has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service). For more information: SA43227 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SSA:2011-041-04: http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.668823 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 11 17:20:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Feb 2011 02:20:27 +0100 Subject: [SEC] [SA43311] VMware vCenter Server OpenSSL Denial of Service Vulnerabilities Message-ID: <201102120120.p1C1KRDi002972@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: VMware vCenter Server OpenSSL Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA43311 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43311/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43311 RELEASE DATE: 2011-02-12 DISCUSS ADVISORY: http://secunia.com/advisories/43311/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43311/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43311 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: VMware has acknowledged some vulnerabilities in VMware vCenter Server, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA38807 SOLUTION: Apply patches is available. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: VMSA-2011-0003: http://www.vmware.com/security/advisories/VMSA-2011-0003.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 11 17:47:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Feb 2011 02:47:25 +0100 Subject: [SEC] [SA43307] VMware vCenter Server Tomcat Credentials Information Disclosure Message-ID: <201102120147.p1C1lPsD024376@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: VMware vCenter Server Tomcat Credentials Information Disclosure SECUNIA ADVISORY ID: SA43307 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43307/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43307 RELEASE DATE: 2011-02-12 DISCUSS ADVISORY: http://secunia.com/advisories/43307/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43307/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43307 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: VMware has acknowledged a weakness in VMware vCenter Server, which can be exploited by malicious, local users to disclose sensitive information. The weakness is caused due to the Apache Tomcat Manager application configuration file containing logon credentials, which can be exploited to disclose the credentials by reading the configuration file. SOLUTION: Apply vCenter Update 1. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Claudio Criscione, Secure Networking. ORIGINAL ADVISORY: VMSA-2011-0003: http://www.vmware.com/security/advisories/VMSA-2011-0003.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 11 18:11:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Feb 2011 03:11:06 +0100 Subject: [SEC] [SA43242] Debian update for vlc Message-ID: <201102120211.p1C2B6Jt013228@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for vlc SECUNIA ADVISORY ID: SA43242 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43242/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43242 RELEASE DATE: 2011-02-12 DISCUSS ADVISORY: http://secunia.com/advisories/43242/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43242/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43242 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for vlc. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA43131 SOLUTION: Install updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2159-1: http://www.debian.org/security/2011/dsa-2159 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 11 18:45:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Feb 2011 03:45:58 +0100 Subject: [SEC] [SA43304] Red Hat update for jbossweb Message-ID: <201102120245.p1C2jwO5002531@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for jbossweb SECUNIA ADVISORY ID: SA43304 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43304/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43304 RELEASE DATE: 2011-02-12 DISCUSS ADVISORY: http://secunia.com/advisories/43304/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43304/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43304 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for jbossweb. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43198 SOLUTION: Updated packages are available via the Red Hat Network or the Red Hat Customer Portal. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0210-1: https://rhn.redhat.com/errata/RHSA-2011-0210.html RHSA-2011:0211-1: https://rhn.redhat.com/errata/RHSA-2011-0211.html RHSA-2011:0212-1: https://rhn.redhat.com/errata/RHSA-2011-0212.html RHSA-2011:0213-1: https://rhn.redhat.com/errata/RHSA-2011-0213.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 11 19:16:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Feb 2011 04:16:27 +0100 Subject: [SEC] [SA43303] Fedora update for kernel Message-ID: <201102120316.p1C3GR8P024610@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for kernel SECUNIA ADVISORY ID: SA43303 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43303/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43303 RELEASE DATE: 2011-02-12 DISCUSS ADVISORY: http://secunia.com/advisories/43303/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43303/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43303 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for the kernel. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose system information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially gain escalated privileges. For more information: SA42172 SA42176 SA42570 SA43009 SOLUTION: Apply updated packages via the yum utility ("yum update kernel"). ORIGINAL ADVISORY: FEDORA-2011-1138: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053901.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 11 19:44:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Feb 2011 04:44:49 +0100 Subject: [SEC] [SA43314] VMware ESX Server pam_krb5 Security Issues Message-ID: <201102120344.p1C3inQE013664@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: VMware ESX Server pam_krb5 Security Issues SECUNIA ADVISORY ID: SA43314 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43314/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43314 RELEASE DATE: 2011-02-12 DISCUSS ADVISORY: http://secunia.com/advisories/43314/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43314/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43314 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: VMware has acknowledged some security issues in VMware ESX Server, which can be exploited by malicious people to disclose potentially sensitive information and by malicious, local users to bypass certain security restrictions. For more information: SA32119 SA35230 The security issues are reported in VMware ESX Server version 4.1. SOLUTION: Apply patch ESX410-201101201-SG. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: VMSA-2011-0003: http://www.vmware.com/security/advisories/VMSA-2011-0003.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 11 20:10:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Feb 2011 05:10:12 +0100 Subject: [SEC] [SA43166] Metasploit Framework Insecure Filesystem Permissions Security Issue Message-ID: <201102120410.p1C4ACma002545@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Metasploit Framework Insecure Filesystem Permissions Security Issue SECUNIA ADVISORY ID: SA43166 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43166/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43166 RELEASE DATE: 2011-02-12 DISCUSS ADVISORY: http://secunia.com/advisories/43166/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43166/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43166 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Eduardo Prado has discovered a security issue in Metasploit Framework, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to the application being installed with insecure filesystem permissions in the system's root drive. This can be exploited to create arbitrary files in certain directories (e.g. "postgresql\bin"). Successful exploitation e.g. allows execution of arbitrary code with LocalSystem privileges when the "frameworkPostgreSQL" service is restarted. The security issue is confirmed in version 3.5.1. Other versions may also be affected. SOLUTION: Update to version 3.5.2. PROVIDED AND/OR DISCOVERED BY: Eduardo Prado, Secumania ORIGINAL ADVISORY: http://blog.metasploit.com/2011/02/metasploit-framework-352-released.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 11 20:24:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Feb 2011 05:24:10 +0100 Subject: [SEC] [SA43282] Slackware update for sudo Message-ID: <201102120424.p1C4OAw0023390@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Slackware update for sudo SECUNIA ADVISORY ID: SA43282 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43282/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43282 RELEASE DATE: 2011-02-12 DISCUSS ADVISORY: http://secunia.com/advisories/43282/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43282/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43282 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Slackware has issued an update for sudo. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges. For more information: SA42886 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SSA:2011-041-05: http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593654 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 11 20:45:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Feb 2011 05:45:09 +0100 Subject: [SEC] [SA43285] Slackware update for apr and apr-util Message-ID: <201102120445.p1C4j9iC012119@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Slackware update for apr and apr-util SECUNIA ADVISORY ID: SA43285 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43285/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43285 RELEASE DATE: 2011-02-12 DISCUSS ADVISORY: http://secunia.com/advisories/43285/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43285/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43285 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Slackware has issued an update for apr and apr-util. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #2 in: SA41701 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SSA:2011-041-01: http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.627828 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 11 21:10:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Feb 2011 06:10:18 +0100 Subject: [SEC] [SA43195] MihanTools "id" SQL Injection Vulnerability Message-ID: <201102120510.p1C5AIGo000970@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: MihanTools "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43195 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43195/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43195 RELEASE DATE: 2011-02-12 DISCUSS ADVISORY: http://secunia.com/advisories/43195/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43195/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43195 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in MihanTools, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to product.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.3.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: WHITE_DEVIL OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 11 21:24:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Feb 2011 06:24:06 +0100 Subject: [SEC] [SA43302] Fedora update for mod_auth_mysql Message-ID: <201102120524.p1C5O6Uw021822@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for mod_auth_mysql SECUNIA ADVISORY ID: SA43302 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43302/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43302 RELEASE DATE: 2011-02-12 DISCUSS ADVISORY: http://secunia.com/advisories/43302/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43302/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43302 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for mod_auth_mysql. This fixes a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks. For more information: SA33627 SOLUTION: Apply updated packages via the yum utility ("yum update mod_auth_mysql"). ORIGINAL ADVISORY: FEDORA-2011-0100: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053899.html FEDORA-2011-0114: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053903.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 16 10:31:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Feb 2011 19:31:59 +0100 Subject: [SEC] [SA43283] SRWare Iron Multiple Vulnerabilities Message-ID: <201102161831.p1GIVxQD030743@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SRWare Iron Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43283 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43283/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43283 RELEASE DATE: 2011-02-16 DISCUSS ADVISORY: http://secunia.com/advisories/43283/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43283/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43283 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in SRWare Iron, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. For more information: SA43193 SOLUTION: Upgrade to version 9.0.600.0. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.srware.net/forum/viewtopic.php?f=18&t=2190 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 16 11:32:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Feb 2011 20:32:38 +0100 Subject: [SEC] [SA43330] Seo Panel "website_id" and "lang_code" SQL Injection Vulnerabilities Message-ID: <201102161932.p1GJWce4021276@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Seo Panel "website_id" and "lang_code" SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA43330 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43330/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43330 RELEASE DATE: 2011-02-16 DISCUSS ADVISORY: http://secunia.com/advisories/43330/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43330/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43330 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered two vulnerabilities in Seo Panel, which can be exploited by malicious users and malicious people to conduct SQL injection attacks. 1) Input passed via the "website_id" parameter to reports.php (when "sec" is set to "reportsum") is not properly sanitised in the "__getAllKeywords()" function in controllers/keyword.ctrl.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed via the "lang_code" parameter to e.g. index.php is not properly sanitised in the "assignLangCode()" function in libs/controller.class.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. The vulnerabilities are confirmed in version 2.2.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: High-Tech Bridge SA (HTB22825, HTB22823): http://www.htbridge.ch/advisory/sql_injection_in_seo_panel_2.html http://www.htbridge.ch/advisory/sql_injection_in_seo_panel.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 16 12:32:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Feb 2011 21:32:49 +0100 Subject: [SEC] [SA43272] Ubuntu update for qemu-kvm Message-ID: <201102162032.p1GKWn7v011777@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Ubuntu update for qemu-kvm SECUNIA ADVISORY ID: SA43272 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43272/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43272 RELEASE DATE: 2011-02-16 DISCUSS ADVISORY: http://secunia.com/advisories/43272/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43272/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43272 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for qemu-kvm. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA42830 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1063-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001246.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 16 13:31:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Feb 2011 22:31:54 +0100 Subject: [SEC] [SA43289] ProjectForge "Maximum Hours" Cross-Site Scripting Vulnerability Message-ID: <201102162131.p1GLVswH002186@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: ProjectForge "Maximum Hours" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43289 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43289/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43289 RELEASE DATE: 2011-02-16 DISCUSS ADVISORY: http://secunia.com/advisories/43289/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43289/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43289 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in ProjectForge, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "Maximum Hours" field when adding a new task is not properly sanitised before it is used in validation error messages returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation requires that the attacker can guess the correct "wicket:interface" parameter. The vulnerability is confirmed in version 3.5.2. Prior versions may also be affected. SOLUTION: Update to version 3.5.3. PROVIDED AND/OR DISCOVERED BY: Reported to the vendor by Paul Davis. ORIGINAL ADVISORY: ProjectForge Bug PF-185: https://www.projectforge.org/jira/browse/PF-185 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 16 14:27:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Feb 2011 23:27:08 +0100 Subject: [SEC] [SA43301] Debian update for openssl Message-ID: <201102162227.p1GMR8Ge024923@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for openssl SECUNIA ADVISORY ID: SA43301 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43301/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43301 RELEASE DATE: 2011-02-16 DISCUSS ADVISORY: http://secunia.com/advisories/43301/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43301/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43301 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service). For more information: SA43227 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2162-1: http://www.debian.org/security/2011/dsa-2162 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 16 14:54:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Feb 2011 23:54:23 +0100 Subject: [SEC] [SA43340] SUSE update for flash-player Message-ID: <201102162254.p1GMsNHJ013946@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SUSE update for flash-player SECUNIA ADVISORY ID: SA43340 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43340/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43340 RELEASE DATE: 2011-02-16 DISCUSS ADVISORY: http://secunia.com/advisories/43340/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43340/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43340 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for flash-player. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA43267 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SA:2011:009: http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00003.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 16 15:42:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Feb 2011 00:42:18 +0100 Subject: [SEC] [SA43317] Escort Agency CMS SQL Injection Vulnerability Message-ID: <201102162342.p1GNgIOA003986@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Escort Agency CMS SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43317 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43317/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43317 RELEASE DATE: 2011-02-16 DISCUSS ADVISORY: http://secunia.com/advisories/43317/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43317/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43317 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: NoNameMT has discovered a vulnerability in Escort Agency CMS, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via certain parameters when viewing model information is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: NoNameMT ORIGINAL ADVISORY: http://nonamemt.us/2011/02/escort-agency-cms-blind-sql-injection-vunerability/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 16 16:01:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Feb 2011 01:01:44 +0100 Subject: [SEC] [SA43318] TaskFreak Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201102170001.p1H01iWb025094@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: TaskFreak Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA43318 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43318/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43318 RELEASE DATE: 2011-02-17 DISCUSS ADVISORY: http://secunia.com/advisories/43318/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43318/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43318 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gjoko Krstic has discovered some vulnerabilities in TaskFreak, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "sContext", "sort", "dir", and "show" parameters to e.g. index.php and print_list.php is not properly sanitised in include/html/header.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 0.6.4. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Gjoko Krstic, Zero Science Lab. ORIGINAL ADVISORY: Zero Science Lab: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4990.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 16 16:27:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Feb 2011 01:27:52 +0100 Subject: [SEC] [SA43331] OpenLDAP Two Security Bypass Vulnerabilities Message-ID: <201102170027.p1H0Rq18014075@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: OpenLDAP Two Security Bypass Vulnerabilities SECUNIA ADVISORY ID: SA43331 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43331/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43331 RELEASE DATE: 2011-02-17 DISCUSS ADVISORY: http://secunia.com/advisories/43331/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43331/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43331 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in OpenLDAP, which can be exploited by malicious people to bypass certain security restrictions. 1) An error in the "back-ldap" component when a slave server forwards password failures to a master server can be exploited to successfully authenticate with an invalid password. Successful exploitation of this vulnerability requires a master and slave configuration with the "ppolicy_forward_updates" option. 2) An error in the "back-ndb" component when handling authentication for a "rootdn" Distinguished Name (DN) can be exploited to perform arbitrary actions (e.g. searching or updating) without a valid password. Successful exploitation of this vulnerability requires knowing the "rootdn" value as configured in the slapd.conf file. The vulnerabilities are reported in versions prior to 2.4.24. SOLUTION: Update to version 2.4.24. PROVIDED AND/OR DISCOVERED BY: Reported by: 1) Chris Jacobs to the mailing list. 2) George Tzanetis in a bug report. ORIGINAL ADVISORY: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6607 http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 16 16:48:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Feb 2011 01:48:22 +0100 Subject: [SEC] [SA43338] Fedora update for abcm2ps Message-ID: <201102170048.p1H0mMmj002762@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for abcm2ps SECUNIA ADVISORY ID: SA43338 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43338/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43338 RELEASE DATE: 2011-02-17 DISCUSS ADVISORY: http://secunia.com/advisories/43338/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43338/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43338 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for abcm2ps. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system. For more information: SA39345 SA40033 SOLUTION: Apply updated packages via the yum utility ("yum update abcm2ps"). ORIGINAL ADVISORY: FEDORA-2011-1092: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054015.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 16 17:17:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Feb 2011 02:17:00 +0100 Subject: [SEC] [SA43298] IBM Lotus Connections Login Module Unspecified Vulnerability Message-ID: <201102170117.p1H1H0hF024289@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: IBM Lotus Connections Login Module Unspecified Vulnerability SECUNIA ADVISORY ID: SA43298 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43298/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43298 RELEASE DATE: 2011-02-17 DISCUSS ADVISORY: http://secunia.com/advisories/43298/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43298/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43298 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability with an unknown impact has been reported in IBM Lotus Connections. The vulnerability is caused due to an unspecified error when an application invokes an internal login module. No further information is currently available. The vulnerability is reported in version 3.0 running with fixpack 7.0.0.11 for WebSphere Application Server. SOLUTION: Apply hotfix 7.0.0.11-WS-WAS-IFPK54565.pak. Contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.ibm.com/support/docview.wss?uid=swg21462435 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 16 17:52:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Feb 2011 02:52:06 +0100 Subject: [SEC] [SA43277] DiY-Page Multiple Vulnerabilities Message-ID: <201102170152.p1H1q620013673@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: DiY-Page Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43277 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43277/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43277 RELEASE DATE: 2011-02-17 DISCUSS ADVISORY: http://secunia.com/advisories/43277/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43277/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43277 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in DiY-Page, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) The application allows users to perform certain actions via HTTP requests without making proper validity checks to verify the requests. This can be exploited to e.g. change the password of the administrative user by tricking an administrator into visiting a malicious web site while being logged-in to the application. NOTE: This can also be exploited to conduct SQL injection attacks. 2) Input passed e.g. via the "cataid" parameter to admin.php (when "mod" is set to "modcp", "formod" is set to "dpcms", "item" is set to "entryadm", and "do" is set to "list") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in version 8.2. Other versions may also be affected. SOLUTION: Do not browse untrusted web sites or follow untrusted links while being logged-in to the application. Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: cnryan, Wolves Security Team. ORIGINAL ADVISORY: Wolves Security Team: http://bbs.wolvez.org/viewtopic.php?id=209 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 16 18:13:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Feb 2011 03:13:06 +0100 Subject: [SEC] [SA43306] WordPress WP Forum Server Plugin "id" and "search_max" SQL Injection Vulnerabilities Message-ID: <201102170213.p1H2D6d9002370@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: WordPress WP Forum Server Plugin "id" and "search_max" SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA43306 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43306/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43306 RELEASE DATE: 2011-02-17 DISCUSS ADVISORY: http://secunia.com/advisories/43306/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43306/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43306 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered two vulnerabilities in the WP Forum Server plugin for WordPress, which can be exploited by malicious users and malicious people to conduct SQL injection attacks. 1) Input passed via the "id" parameter to index.php (when "vasthtmlaction" is set to "editpost" and "page_id" is set) is not properly sanitised in wp-content/plugins/forum-server/wpf-post.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed via the "search_max" parameter to index.php (when "vasthtmlaction" is set to "search" and "page_id" and "t" are set) is not properly sanitised in wp-content/plugins/forum-server/wpf.class.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 1.6.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: High-Tech Bridge SA (HTB22851, HTB22852): http://archives.neohapsis.com/archives/bugtraq/2011-02/0143.html http://archives.neohapsis.com/archives/bugtraq/2011-02/0141.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 16 18:47:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Feb 2011 03:47:32 +0100 Subject: [SEC] [SA43123] Linksys WAP610N Telnet Root Access Security Issue Message-ID: <201102170247.p1H2lWta024169@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Linksys WAP610N Telnet Root Access Security Issue SECUNIA ADVISORY ID: SA43123 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43123/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43123 RELEASE DATE: 2011-02-17 DISCUSS ADVISORY: http://secunia.com/advisories/43123/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43123/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43123 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Matteo Ignaccolo has reported a security issue in Linksys WAP610N, which can be exploited by malicious people to compromise a vulnerable system. The security issue is caused due to the device containing a Telnet-based administration console with an enabled root-user account. This can be exploited to gain administrative access to the device by connecting to port 1111/TCP. The security issue is reported in versions 1.0.00 and 1.0.01. SOLUTION: Restrict access to trusted hosts only (e.g. via network access control lists). PROVIDED AND/OR DISCOVERED BY: Matteo Ignaccolo, Secure Network. ORIGINAL ADVISORY: http://www.securenetwork.it/ricerca/advisory/download/SN-2010-08.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 16 19:15:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Feb 2011 04:15:06 +0100 Subject: [SEC] [SA43328] PHP Two Denial of Service Vulnerabilities Message-ID: <201102170315.p1H3F6AZ013694@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: PHP Two Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA43328 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43328/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43328 RELEASE DATE: 2011-02-17 DISCUSS ADVISORY: http://secunia.com/advisories/43328/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43328/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43328 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in PHP, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) A NULL pointer dereference error within the "_zip_name_locate()" function in ext/zip/lib/zip_name_locate.c and can be exploited to cause a crash when performing certain actions using the "ZipArchive" class on specially crafted archives. Successful exploitation requires that the "ZIPARCHIVE::FL_UNCHANGED" option is used. 2) An error within the "exif_process_IFD_TAG()" function in ext/exif/exif.c can be exploited to cause a crash when processing malformed IFD (Image File Descriptor) tags in images with specially crafted EXIF information. Successful exploitation requires a 64bit system and may also require that a large (> 4 GiB) or no memory limit is set via the PHP "memory_limit" setting. The vulnerabilities are confirmed in version 5.3.5. Other versions may also be affected. SOLUTION: Fixed in the SVN repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) Maksymilian Arciemowicz 2) Luca Carettoni ORIGINAL ADVISORY: 1) http://bugs.php.net/bug.php?id=53885 2) http://www.openwall.com/lists/oss-security/2011/02/14/1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 16 19:47:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Feb 2011 04:47:08 +0100 Subject: [SEC] [SA43320] MySQL Eventum Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201102170347.p1H3l8su002920@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: MySQL Eventum Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA43320 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43320/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43320 RELEASE DATE: 2011-02-17 DISCUSS ADVISORY: http://secunia.com/advisories/43320/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43320/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43320 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in MySQL Eventum, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input appended to the URL after e.g. forgot_password.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "keywords" parameter to list.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed e.g. via the "customer_id", "status", "priority", "category", "customer_email", "reporter", "release", and "pageRow" parameters to list.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. NOTE: Vulnerabilities #2 and #3 can also be exploited to conduct script insertion attacks by tricking a logged in user into clicking a malicious link or visiting a malicious web site. The vulnerabilities are confirmed in version 2.3. Other versions may also be affected. SOLUTION: Update to version 2.3.1. PROVIDED AND/OR DISCOVERED BY: 1, 2) Gjoko Krstic, Zero Science Lab. 3) Reported by the vendor. ORIGINAL ADVISORY: MySQL: http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4260 http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4278 http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4279 http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4281 Zero Science Lab: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4989.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 16 20:12:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Feb 2011 05:12:12 +0100 Subject: [SEC] [SA43335] Avaya Communication Manager krb5 GSS-API NULL Pointer Dereference Vulnerability Message-ID: <201102170412.p1H4CCYX024271@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Avaya Communication Manager krb5 GSS-API NULL Pointer Dereference Vulnerability SECUNIA ADVISORY ID: SA43335 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43335/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43335 RELEASE DATE: 2011-02-17 DISCUSS ADVISORY: http://secunia.com/advisories/43335/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43335/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43335 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Avaya has acknowledged a vulnerability in Avaya Communication Manager, which can be exploited by malicious users to cause a DoS (Denial of Service). For more information: SA39799 The vulnerability is reported in versions 5.2.1 and prior. SOLUTION: Update to version 5.2.1 with Security Service Pack PLAT-rhel4-1008. ORIGINAL ADVISORY: ASA-2010-160: https://support.avaya.com/css/P8/documents/100090137 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 16 20:46:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Feb 2011 05:46:29 +0100 Subject: [SEC] [SA43192] Debian update for tomcat6 Message-ID: <201102170446.p1H4kTmF013604@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for tomcat6 SECUNIA ADVISORY ID: SA43192 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43192/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43192 RELEASE DATE: 2011-02-17 DISCUSS ADVISORY: http://secunia.com/advisories/43192/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43192/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43192 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for tomcat6. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). For more information: SA43194 SOLUTION: Install updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2160-1: http://www.debian.org/security/2011/dsa-2160 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 16 21:11:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Feb 2011 06:11:28 +0100 Subject: [SEC] [SA43048] Debian update for openjdk-6 Message-ID: <201102170511.p1H5BSvS002487@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for openjdk-6 SECUNIA ADVISORY ID: SA43048 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43048/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43048 RELEASE DATE: 2011-02-17 DISCUSS ADVISORY: http://secunia.com/advisories/43048/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43048/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43048 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for openjdk-6. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43262 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2161-1: http://lists.debian.org/debian-security-announce/2011/msg00026.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 16 21:47:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Feb 2011 06:47:21 +0100 Subject: [SEC] [SA43333] Fedora update for java-1.6.0-openjdk Message-ID: <201102170547.p1H5lL5w024348@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for java-1.6.0-openjdk SECUNIA ADVISORY ID: SA43333 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43333/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43333 RELEASE DATE: 2011-02-17 DISCUSS ADVISORY: http://secunia.com/advisories/43333/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43333/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43333 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for java-1.6.0-openjdk. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43262 SOLUTION: Apply updated packages via the yum utility ("yum update java-1.6.0-openjdk"). ORIGINAL ADVISORY: FEDORA-2011-1231: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053926.html FEDORA-2011-1263: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053934.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Feb 16 22:11:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Feb 2011 07:11:56 +0100 Subject: [SEC] [SA43324] phpMyAdmin SQL Query Bookmarks Security Bypass Message-ID: <201102170611.p1H6BuYG013237@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: phpMyAdmin SQL Query Bookmarks Security Bypass SECUNIA ADVISORY ID: SA43324 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43324/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43324 RELEASE DATE: 2011-02-17 DISCUSS ADVISORY: http://secunia.com/advisories/43324/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43324/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43324 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in phpMyAdmin, which can be exploited by malicious users to bypass certain security restrictions. The security issue is caused due to an error within the handling of bookmarked SQL queries, which can be exploited to e.g. trick other users into executing unintended bookmarked SQL queries. Successful exploitation requires that the bookmarks functionality is enabled and the configuration storage is set up and enabled. The security issue is reported in versions prior to 3.3.9.2 and prior to 2.11.11.3. SOLUTION: Update to version 3.3.9.2 or later and 2.11.11.3 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: PMASA-2011-2: http://www.phpmyadmin.net/home_page/security/PMASA-2011-2.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 17 10:48:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Feb 2011 19:48:02 +0100 Subject: [SEC] [SA43365] Red Hat update for bash Message-ID: <201102171848.p1HIm2IW028622@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for bash SECUNIA ADVISORY ID: SA43365 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43365/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43365 RELEASE DATE: 2011-02-17 DISCUSS ADVISORY: http://secunia.com/advisories/43365/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43365/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43365 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for bash. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the "aliasconv.bash", "aliasconv.sh", and "cshtobash" scripts handling temporary files in an insecure manner. This can be exploited via symlink attacks to overwrite the content of arbitrary files with the privileges of the user running the script. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0261-1: http://rhn.redhat.com/errata/RHSA-2011-0261.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 17 11:36:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Feb 2011 20:36:36 +0100 Subject: [SEC] [SA43366] Red Hat update for sendmail Message-ID: <201102171936.p1HJaaKJ018609@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for sendmail SECUNIA ADVISORY ID: SA43366 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43366/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43366 RELEASE DATE: 2011-02-17 DISCUSS ADVISORY: http://secunia.com/advisories/43366/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43366/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43366 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for sendmail. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks. For more information: SA37998 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0262-1: http://rhn.redhat.com/errata/RHSA-2011-0262.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 17 12:33:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Feb 2011 21:33:41 +0100 Subject: [SEC] [SA43393] Cisco Security Agent Management Center File Upload Vulnerability Message-ID: <201102172033.p1HKXfAT008936@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Cisco Security Agent Management Center File Upload Vulnerability SECUNIA ADVISORY ID: SA43393 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43393/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43393 RELEASE DATE: 2011-02-17 DISCUSS ADVISORY: http://secunia.com/advisories/43393/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43393/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43393 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco Security Agent, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA43383 The vulnerability is reported in versions 5.1 and 5.2. SOLUTION: Apply a workaround (please see the vendor's advisory for details) or upgrade to version 6.0.2.145. PROVIDED AND/OR DISCOVERED BY: Gerry Eisenhaur via ZDI. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20110216-csa.shtml ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-088/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 17 14:16:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Feb 2011 23:16:59 +0100 Subject: [SEC] [SA43323] Debian update for ffmpeg-debian Message-ID: <201102172216.p1HMGxf4001254@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for ffmpeg-debian SECUNIA ADVISORY ID: SA43323 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43323/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43323 RELEASE DATE: 2011-02-17 DISCUSS ADVISORY: http://secunia.com/advisories/43323/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43323/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43323 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for ffmpeg-debian. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. NOTE: This update also fixes an incomplete patch from update DSA-2000-1. For more information: SA38643 SA41626 SA43197 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2165-1: http://lists.debian.org/debian-security-announce/2011/msg00031.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 17 16:24:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Feb 2011 01:24:30 +0100 Subject: [SEC] [SA43388] Fedora update for openoffice.org Message-ID: <201102180024.p1I0OUIm026943@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for openoffice.org SECUNIA ADVISORY ID: SA43388 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43388/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43388 RELEASE DATE: 2011-02-17 DISCUSS ADVISORY: http://secunia.com/advisories/43388/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43388/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43388 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for openoffice.org. This fixes a security issue and some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a user's system. For more information: SA40775 SOLUTION: Apply updated packages via the yum utility ("yum update openoffice.org"). ORIGINAL ADVISORY: FEDORA-2011-0837: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054137.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 17 19:23:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Feb 2011 04:23:01 +0100 Subject: [SEC] [SA43337] Oracle Database Export Utility Buffer Overflow Vulnerability Message-ID: <201102180323.p1I3N1eF022741@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Oracle Database Export Utility Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA43337 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43337/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43337 RELEASE DATE: 2011-02-18 DISCUSS ADVISORY: http://secunia.com/advisories/43337/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43337/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43337 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Oracle Database, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the command line based export utility (exp.exe) when processing a parameter file (PARFILE). This can be exploited to cause a stack-based buffer overflow via an overly long string assigned to the "file" parameter in a specially crafted file. Successful exploitation allows execution of arbitrary code, but requires tricking a user with access to a database to execute the utility using a malicious parameter file. The vulnerability is confirmed in version 11.2.0.1.0 and reported in version 10.x. Other versions may also be affected. SOLUTION: Do not execute the export utility using untrusted files. PROVIDED AND/OR DISCOVERED BY: mr_me OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Feb 17 21:56:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Feb 2011 06:56:34 +0100 Subject: [SEC] [SA43363] Red Hat update for kernel Message-ID: <201102180556.p1I5uYnE017050@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for kernel SECUNIA ADVISORY ID: SA43363 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43363/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43363 RELEASE DATE: 2011-02-18 DISCUSS ADVISORY: http://secunia.com/advisories/43363/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43363/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43363 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for the kernel. This fixes some weaknesses and a vulnerability, which can be exploited by malicious, local users to disclose certain system information and gain escalated privileges. For more information: SA42035 SA42765 SA43009 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0263-1: http://rhn.redhat.com/errata/RHSA-2011-0263.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 18 10:31:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Feb 2011 19:31:11 +0100 Subject: [SEC] [SA43386] Red Hat update for java-1.6.0-openjdk Message-ID: <201102181831.p1IIVBaA006382@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for java-1.6.0-openjdk SECUNIA ADVISORY ID: SA43386 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43386/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43386 RELEASE DATE: 2011-02-18 DISCUSS ADVISORY: http://secunia.com/advisories/43386/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43386/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43386 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for java-1.6.0-openjdk. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system. For more information: SA43262 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0281-1: https://rhn.redhat.com/errata/RHSA-2011-0281.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 18 11:30:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Feb 2011 20:30:45 +0100 Subject: [SEC] [SA43362] Red Hat update for fence Message-ID: <201102181930.p1IJUjU3029231@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for fence SECUNIA ADVISORY ID: SA43362 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43362/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43362 RELEASE DATE: 2011-02-18 DISCUSS ADVISORY: http://secunia.com/advisories/43362/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43362/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43362 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for fence. This fixes a some security issues, which can be exploited by malicious, local users to perform certain actions with escalated privileges. For more information: SA31887 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0266-1: https://rhn.redhat.com/errata/RHSA-2011-0266.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 18 12:31:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Feb 2011 21:31:00 +0100 Subject: [SEC] [SA42880] Dell DellSystemLite.Scanner ActiveX Control Two Vulnerabilities Message-ID: <201102182031.p1IKV0pt019736@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Dell DellSystemLite.Scanner ActiveX Control Two Vulnerabilities SECUNIA ADVISORY ID: SA42880 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42880/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42880 RELEASE DATE: 2011-02-18 DISCUSS ADVISORY: http://secunia.com/advisories/42880/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42880/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42880 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered two vulnerabilities in Dell DellSystemLite.Scanner ActiveX control, which can be exploited by malicious people to disclose various information. 1) An input validation error in the "GetData()" method can be exploited to disclose the contents of arbitrary text files via directory traversal specifiers passed in the "fileID" parameter. 2) The unsafe property "WMIAttributesOfInterest" allows assigning arbitrary WMI Query Language (WQL) statements and can be exploited to e.g. disclose system information like installed software. The vulnerabilities are confirmed in DellSystemLite.ocx version 1.0.0.0. Other versions may also be affected. SOLUTION: Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: Dmitriy Pletnev, Secunia Research. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2011-10/ http://secunia.com/secunia_research/2011-11/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 18 13:31:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Feb 2011 22:31:07 +0100 Subject: [SEC] [SA43316] Ubuntu update for telepathy-gabble Message-ID: <201102182131.p1ILV78i010214@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Ubuntu update for telepathy-gabble SECUNIA ADVISORY ID: SA43316 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43316/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43316 RELEASE DATE: 2011-02-18 DISCUSS ADVISORY: http://secunia.com/advisories/43316/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43316/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43316 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for telepathy-gabble. This fixes a vulnerability, which can be exploited by malicious people to conduct hijacking attacks. For more information: SA43369 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1067-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001251.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 18 14:24:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Feb 2011 23:24:40 +0100 Subject: [SEC] [SA43369] Telepathy Gabble Audio and Video Calls Hijacking Vulnerability Message-ID: <201102182224.p1IMOetw000335@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Telepathy Gabble Audio and Video Calls Hijacking Vulnerability SECUNIA ADVISORY ID: SA43369 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43369/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43369 RELEASE DATE: 2011-02-18 DISCUSS ADVISORY: http://secunia.com/advisories/43369/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43369/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43369 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Telepathy Gabble, which can be exploited by malicious people to conduct hijacking attacks. The vulnerability is caused due to a validation error in the Jabber/XMMP connection manager when processing "google:jingleinfo" updates. This can be exploited to intercept audio and video calls by relaying streamed media through an attacker's server. Successful exploitation requires an attacker to be a target's contact. The vulnerability is reported in versions prior to 0.11.7. SOLUTION: Update to version 0.11.7. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: https://bugs.freedesktop.org/show_bug.cgi?id=34048 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 18 14:45:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Feb 2011 23:45:56 +0100 Subject: [SEC] [SA43400] HP NonStop Server NonStop Java Double Literal Parsing Denial of Service Message-ID: <201102182245.p1IMjuik021540@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: HP NonStop Server NonStop Java Double Literal Parsing Denial of Service SECUNIA ADVISORY ID: SA43400 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43400/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43400 RELEASE DATE: 2011-02-18 DISCUSS ADVISORY: http://secunia.com/advisories/43400/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43400/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43400 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: HP has acknowledged a vulnerability in HP NonStop Server, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #1 in: SA43262 The vulnerability is reported in HP NonStop Server running all versions of NonStop Java. SOLUTION: Run the FPUpdater tool or apply SPRs of NonStop Java released after 15th February, 2011. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: HPSBNS02633 SSRT100390: http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02720715 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 18 15:10:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Feb 2011 00:10:40 +0100 Subject: [SEC] [SA43367] Red Hat update for ccs Message-ID: <201102182310.p1INAeIl010435@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for ccs SECUNIA ADVISORY ID: SA43367 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43367/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43367 RELEASE DATE: 2011-02-18 DISCUSS ADVISORY: http://secunia.com/advisories/43367/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43367/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43367 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for ccs. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges. For more information: SA32602 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0265-01: https://rhn.redhat.com/errata/RHSA-2011-0265.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 18 15:46:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Feb 2011 00:46:15 +0100 Subject: [SEC] [SA43345] Debian update for shadow Message-ID: <201102182346.p1INkFIa032226@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for shadow SECUNIA ADVISORY ID: SA43345 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43345/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43345 RELEASE DATE: 2011-02-19 DISCUSS ADVISORY: http://secunia.com/advisories/43345/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43345/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43345 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for shadow. This fixes a vulnerability, which can be exploited by malicious, local users to manipulate certain data. For more information: SA42505 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA 2164-1: http://lists.debian.org/debian-security-announce/2011/msg00030.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 18 16:11:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Feb 2011 01:11:23 +0100 Subject: [SEC] [SA43256] WordPress Enable Media Replace Plugin Multiple Vulnerabilities Message-ID: <201102190011.p1J0BNYX021144@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: WordPress Enable Media Replace Plugin Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43256 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43256/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43256 RELEASE DATE: 2011-02-19 DISCUSS ADVISORY: http://secunia.com/advisories/43256/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43256/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43256 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in Enable Media Replace plugin for WordPress, which can be exploited by malicious users to conduct SQL injection attacks and compromise a vulnerable system. 1) Input passed via the "attachment_id" parameter to wp-admin/upload.php (when "page" is set to "enable-media-replace/enable-media-replace.php" and "action" is set to "media_replace") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) The wp-content/plugins/enable-media-replace/upload.php script allows replacing existing files (when the "replace_type" POST parameter is not set to "replace"). This can be exploited to execute arbitrary code by uploading a PHP file. Successful exploitation of these vulnerabilities requires "Author" role. The vulnerabilities are confirmed in version 2.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Grant the "Author" role to trusted users only. PROVIDED AND/OR DISCOVERED BY: Ulf Harnhammar ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/16144/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 18 16:46:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Feb 2011 01:46:06 +0100 Subject: [SEC] [SA43264] Adobe ColdFusion Multiple Vulnerabilities Message-ID: <201102190046.p1J0k6vP010490@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Adobe ColdFusion Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43264 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43264/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43264 RELEASE DATE: 2011-02-19 DISCUSS ADVISORY: http://secunia.com/advisories/43264/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43264/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43264 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Adobe ColdFusion, which can be exploited by malicious people to disclose certain information, conduct cross-site scripting, HTTP header injection, and session fixation attacks. 1) Certain unspecified input passed to the ColdFusion administrator console is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Certain unspecified input is not properly sanitised before being used in HTTP responses. This can be exploited to inject arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site. 3) An unspecified error in the ColdFusion administrator console can be exploited to disclose certain data. 4) Certain input passed via cfform tags is not properly sanitised before being returned to the user. This could be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 5) An error in the handling of sessions can be exploited to hijack another user's session by tricking the user into logging in after following a specially crafted link. The vulnerabilities are reported in versions 8.0, 8.0.1, 9.0, and 9.0.1 running on Windows, Macintosh, and UNIX. SOLUTION: Apply the Hotfix. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Richard Brain of ProCheckUp, HongZhen Zhou of McAfee, Tenable Network Security, Bogdan Calin, and Michael Dominice. 2) Pete Freitag, Foundeo. 3) Tom Sellers, FadedCode. 4)Chad Armond. 5) Jason Dean, 12robots. ORIGINAL ADVISORY: Adobe (APSB11-04): http://www.adobe.com/support/security/bulletins/apsb11-04.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 18 17:13:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Feb 2011 02:13:50 +0100 Subject: [SEC] [SA43252] Microsoft Windows OpenType Compact Font Format Driver Vulnerability Message-ID: <201102190113.p1J1Do9D031919@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Microsoft Windows OpenType Compact Font Format Driver Vulnerability SECUNIA ADVISORY ID: SA43252 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43252/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43252 RELEASE DATE: 2011-02-19 DISCUSS ADVISORY: http://secunia.com/advisories/43252/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43252/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43252 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error in the Windows OpenType Compact Font Format (CFF) driver when parsing certain parameters in OpenType fonts. Successful exploitation may allow execution of arbitrary code with kernel privileges. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MS11-007 (KB2485376): http://www.microsoft.com/technet/security/bulletin/ms11-007.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 18 17:45:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Feb 2011 02:45:52 +0100 Subject: [SEC] [SA43233] DESLock+ vdlptokn.sys Privilege Escalation Vulnerability Message-ID: <201102190145.p1J1jq6K021126@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: DESLock+ vdlptokn.sys Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA43233 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43233/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43233 RELEASE DATE: 2011-02-19 DISCUSS ADVISORY: http://secunia.com/advisories/43233/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43233/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43233 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Neil Kettle has discovered a vulnerability in DESlock+, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the vdlptokn.sys kernel driver not properly validating a certain pointer in a structure. This can be exploited to execute arbitrary code with SYSTEM privileges via a specially crafted IOCTL sent to the affected driver. The vulnerability is reported in version 3.2.7 and confirmed in version 4.1.12. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Neil Kettle, Digit Security Ltd ORIGINAL ADVISORY: http://www.digit-security.com/advisory-detail.php?n=80 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 18 18:11:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Feb 2011 03:11:36 +0100 Subject: [SEC] [SA43239] WebAsyst Shop-Script Multiple Vulnerabilities Message-ID: <201102190211.p1J2Ba8x010066@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: WebAsyst Shop-Script Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43239 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43239/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43239 RELEASE DATE: 2011-02-19 DISCUSS ADVISORY: http://secunia.com/advisories/43239/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43239/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43239 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in WebAsyst Shop-Script, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) Input passed to the "app" parameter in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. alter application data when a logged-in user visits a specially crafted web page. 3) Input passed to the "orderID_textbox" parameter (when "did" is set to "21") and input via the URL (when "did" is set to "22") in SC/html/scripts/index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Filter malicious characters or character sequences via a proxy. Do not browse untrusted web sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22817: http://www.htbridge.ch/advisory/xss_vulnerability_in_webasyst_shop_script.html HTB22818: http://www.htbridge.ch/advisory/stored_xss_vulnerability_in_webasyst_shop_script.html HTB22819: http://www.htbridge.ch/advisory/xss_vulnerability_in_webasyst_shop_script_1.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 18 18:45:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Feb 2011 03:45:59 +0100 Subject: [SEC] [SA43310] VMware vCenter / ESX Server Apache Tomcat Multiple Vulnerabilities Message-ID: <201102190245.p1J2jxPT031784@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: VMware vCenter / ESX Server Apache Tomcat Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43310 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43310/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43310 RELEASE DATE: 2011-02-19 DISCUSS ADVISORY: http://secunia.com/advisories/43310/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43310/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43310 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in VMware vCenter / ESX Server, which can be exploited by malicious users and malicious people to manipulate certain data, and by malicious people to disclose system information, gain access to potentially sensitive information, and cause a DoS (Denial of Service). For more information: SA38316 SA39574 SOLUTION: Apply patches if available. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: VMSA-2011-0003: http://www.vmware.com/security/advisories/VMSA-2011-0003.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 18 19:14:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Feb 2011 04:14:37 +0100 Subject: [SEC] [SA43313] VMware ESXi curl Security Issue Message-ID: <201102190314.p1J3EbFt021343@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: VMware ESXi curl Security Issue SECUNIA ADVISORY ID: SA43313 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43313/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43313 RELEASE DATE: 2011-02-19 DISCUSS ADVISORY: http://secunia.com/advisories/43313/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43313/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43313 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: VMware has acknowledged a security issue in VMware ESXi, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. For more information: SA38427 SOLUTION: Apply patches if available. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: VMSA-2011-0003: http://www.vmware.com/security/advisories/VMSA-2011-0003.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 18 19:45:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Feb 2011 04:45:42 +0100 Subject: [SEC] [SA43309] VMware Products Oracle (Sun) JRE Multiple Vulnerabilities Message-ID: <201102190345.p1J3jgSG010524@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: VMware Products Oracle (Sun) JRE Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43309 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43309/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43309 RELEASE DATE: 2011-02-19 DISCUSS ADVISORY: http://secunia.com/advisories/43309/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43309/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43309 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: VMware has acknowledged some vulnerabilities in VMware vCenter Server, Update Manager, and ESX Server, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, and compromise a vulnerable system. For more information: SA41791 SOLUTION: Apply patch if available. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: VMSA-2011-0003: http://www.vmware.com/security/advisories/VMSA-2011-0003.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 18 20:10:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Feb 2011 05:10:02 +0100 Subject: [SEC] [SA43206] VMware vCenter Server / Update Manager SQL Express Multiple Vulnerabilities Message-ID: <201102190410.p1J4A2Wq031794@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: VMware vCenter Server / Update Manager SQL Express Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43206 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43206/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43206 RELEASE DATE: 2011-02-19 DISCUSS ADVISORY: http://secunia.com/advisories/43206/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43206/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43206 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: VMware has acknowledged some vulnerabilities in VMware vCenter Server / Update Manager, which can be exploited by malicious users to gain escalated privileges. For more information: SA30970 SA33034 SOLUTION: Apply patches if available. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: VMSA-2011-0003: http://www.vmware.com/security/advisories/VMSA-2011-0003.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 18 20:23:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Feb 2011 05:23:59 +0100 Subject: [SEC] [SA43300] Slackware update for expat Message-ID: <201102190423.p1J4Nx5u020202@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Slackware update for expat SECUNIA ADVISORY ID: SA43300 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43300/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43300 RELEASE DATE: 2011-02-19 DISCUSS ADVISORY: http://secunia.com/advisories/43300/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43300/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43300 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Slackware has issued an update for expat. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA36159 SA36425 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SSA:2011-041-02: http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 18 20:45:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Feb 2011 05:45:01 +0100 Subject: [SEC] [SA43326] F-Secure Internet Gatekeeper Log File Access Security Bypass Message-ID: <201102190445.p1J4j1ZJ008913@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: F-Secure Internet Gatekeeper Log File Access Security Bypass SECUNIA ADVISORY ID: SA43326 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43326/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43326 RELEASE DATE: 2011-02-19 DISCUSS ADVISORY: http://secunia.com/advisories/43326/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43326/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43326 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has reported in F-Secure Internet Gatekeeper, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to the web interface not checking for authentication when accessing log files, which can be exploited to disclose contents of log files. The security issue is reported in F-Secure Internet Gatekeeper for Linux version 3.03. SOLUTION: Apply Hotfix 1 or upgrade to version 4.x. PROVIDED AND/OR DISCOVERED BY: The vendor credits Hiroshi Mizoguchi, Easynet Inc. ORIGINAL ADVISORY: FSC-2011-1: http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2011-1.html JVN#71542734: http://jvn.jp/en/jp/JVN71542734/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 18 21:10:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Feb 2011 06:10:08 +0100 Subject: [SEC] [SA43299] Microsoft Windows SMB Browser Election Request Parsing Vulnerability Message-ID: <201102190510.p1J5A8V6030228@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Microsoft Windows SMB Browser Election Request Parsing Vulnerability SECUNIA ADVISORY ID: SA43299 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43299/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43299 RELEASE DATE: 2011-02-19 DISCUSS ADVISORY: http://secunia.com/advisories/43299/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43299/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43299 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Cupidon-3005 has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerability is caused due to an integer underflow error when processing a Browser Election request. This can be exploited to cause a buffer overflow via an overly long Server Name string sent in a specially crafted packet. Successful exploitation may allow execution of arbitrary code, but requires the target system to be a Master Browser. The vulnerability is confirmed on a fully patched Windows Server 2003 Standard Edition SP2 (mrxsmb.sys version 5.2.3790.4671). Other versions may also be affected. SOLUTION: Restrict access within a broadcast domain to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Cupidon-3005 ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0284.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 18 21:24:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Feb 2011 06:24:08 +0100 Subject: [SEC] [SA43284] Smarty "{smarty.template}" and "{smarty.current_dir}" Security Bypass Message-ID: <201102190524.p1J5O8kj018636@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Smarty "{smarty.template}" and "{smarty.current_dir}" Security Bypass SECUNIA ADVISORY ID: SA43284 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43284/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43284 RELEASE DATE: 2011-02-19 DISCUSS ADVISORY: http://secunia.com/advisories/43284/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43284/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43284 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in Smarty, which can be exploited malicious people to bypass certain security restrictions. The vulnerabilities are caused due to Smarty not properly sanitising the filename or location of templates before using them. This can be exploited to bypass the template security and execute arbitrary PHP commands via an affected application relying on the template security features by creating a template containing "{smarty.template}" with a specially crafted filename or "{smarty.current_dir}" in a specially named folder. Successful exploitation requires control over the template's filename or folder and content. The vulnerabilities are confirmed in version 3.0.6. Other versions may also be affected. SOLUTION: Update to version 3.0.7. PROVIDED AND/OR DISCOVERED BY: jonieske ORIGINAL ADVISORY: Smarty: http://groups.google.com/group/smarty-announce/browse_thread/thread/18af294596756ac8 http://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt jonieske: http://www.smarty.net/forums/viewtopic.php?t=18815 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 18 21:44:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Feb 2011 06:44:56 +0100 Subject: [SEC] [SA43265] Dolphin "explain" Cross-Site Scripting Vulnerability Message-ID: <201102190544.p1J5iuw9007342@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Dolphin "explain" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA43265 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43265/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43265 RELEASE DATE: 2011-02-19 DISCUSS ADVISORY: http://secunia.com/advisories/43265/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43265/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43265 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: AutoSec Tools has discovered a vulnerability in Dolphin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "explain" parameter to explanation.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 7.0.5. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: AutoSec Tools: http://www.autosectools.com/Advisories/Dolphin.7.0.4_Reflected.Cross-site.Scripting_105.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Feb 18 22:09:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Feb 2011 07:09:58 +0100 Subject: [SEC] [SA43279] SourceBans Cross-Site Scripting Vulnerabilities Message-ID: <201102190609.p1J69w7f028649@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SourceBans Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA43279 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43279/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43279 RELEASE DATE: 2011-02-19 DISCUSS ADVISORY: http://secunia.com/advisories/43279/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43279/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43279 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in SourceBans, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "BanReason", "SteamID", and "EmailAddr" parameters in index.php (when "p" is set to "protest" or "submit"), "BanIP" parameter in index.php (when "p" is set to "submit"), and "PlayerName" parameter in index.php (when "p" is set to "protest") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 1.4.7. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Sw1tCh OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Feb 19 10:30:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Feb 2011 19:30:31 +0100 Subject: [SEC] [SA43339] Fedora update for openssl Message-ID: <201102191830.p1JIUVEa017333@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Fedora update for openssl SECUNIA ADVISORY ID: SA43339 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43339/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43339 RELEASE DATE: 2011-02-19 DISCUSS ADVISORY: http://secunia.com/advisories/43339/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43339/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43339 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service). For more information: SA43227 SOLUTION: Apply updated packages via the yum utility ("yum update openssl"). ORIGINAL ADVISORY: FEDORA-2011-1273: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Feb 19 11:30:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Feb 2011 20:30:40 +0100 Subject: [SEC] [SA43229] Ubuntu update for krb5 Message-ID: <201102191930.p1JJUe2r007824@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Ubuntu update for krb5 SECUNIA ADVISORY ID: SA43229 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43229/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43229 RELEASE DATE: 2011-02-19 DISCUSS ADVISORY: http://secunia.com/advisories/43229/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43229/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43229 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for krb5. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43260 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1062-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001247.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Feb 19 12:31:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Feb 2011 21:31:18 +0100 Subject: [SEC] [SA43280] Red Hat update for java-1.6.0-openjdk Message-ID: <201102192031.p1JKVIJK030715@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Red Hat update for java-1.6.0-openjdk SECUNIA ADVISORY ID: SA43280 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43280/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43280 RELEASE DATE: 2011-02-19 DISCUSS ADVISORY: http://secunia.com/advisories/43280/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43280/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43280 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for java-1.6.0-openjdk. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43262 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0214-1: https://rhn.redhat.com/errata/RHSA-2011-0214.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Feb 19 13:30:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Feb 2011 22:30:52 +0100 Subject: [SEC] [SA43325] IBM OS/400 Java "parseDouble()" Denial of Service Vulnerability Message-ID: <201102192130.p1JLUqc9021183@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: IBM OS/400 Java "parseDouble()" Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43325 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43325/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43325 RELEASE DATE: 2011-02-19 DISCUSS ADVISORY: http://secunia.com/advisories/43325/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43325/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43325 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a vulnerability in IBM OS/400, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43262 The vulnerability is reported in versions V5R4M0 and V6R1M0. SOLUTION: Apply APARs SE46870, SE46871, SE46872, SE46873, SE46877, SE46878, and SE46879. ORIGINAL ADVISORY: IBM: http://www.ibm.com/support/docview.wss?uid=nas239097234bdef0f0086257837004234ff http://www.ibm.com/support/docview.wss?uid=nas2e3651fd2836659b88625783700423505 http://www.ibm.com/support/docview.wss?uid=nas24394745ae41518b88625783700423513 http://www.ibm.com/support/docview.wss?uid=nas2a5e8722f285b693586257837004234f7 http://www.ibm.com/support/docview.wss?uid=nas22c04013ef2a6aba98625783700423520 http://www.ibm.com/support/docview.wss?uid=nas274b0e6114eba807a8625783700423519 http://www.ibm.com/support/docview.wss?uid=nas2bbd9eef75e33a6ec862578370042350b OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Feb 19 14:25:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Feb 2011 23:25:19 +0100 Subject: [SEC] [SA43290] Debian update for openjdk-6 Message-ID: <201102192225.p1JMPJRV011401@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for openjdk-6 SECUNIA ADVISORY ID: SA43290 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43290/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43290 RELEASE DATE: 2011-02-19 DISCUSS ADVISORY: http://secunia.com/advisories/43290/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43290/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43290 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for openjdk-6. This fixes multiple vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to cause a DoS (Denial of Service) and manipulate certain data. 1) Multiple unspecified errors have unknown impacts and can be exploited via e.g. "malicious mobile code". For more information: SA41791 SA43262 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2161-2: http://lists.debian.org/debian-security-announce/2011/msg00029.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Feb 19 14:46:04 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Feb 2011 23:46:04 +0100 Subject: [SEC] [SA43266] Joomla! Kunena Component "catids" SQL Injection Vulnerability Message-ID: <201102192246.p1JMk4RZ032512@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Joomla! Kunena Component "catids" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43266 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43266/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43266 RELEASE DATE: 2011-02-19 DISCUSS ADVISORY: http://secunia.com/advisories/43266/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43266/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43266 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Matter Inc. has discovered a vulnerability in the Kunena component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "catids" parameter to index.php (when "option" is set to "com_kunena", "func" is set to "advsearch", and "q" is set to any value) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.6.2. Prior versions may also be affected. SOLUTION: Update to version 1.6.3. PROVIDED AND/OR DISCOVERED BY: Red Matter Inc. ORIGINAL ADVISORY: http://seclists.org/fulldisclosure/2011/Feb/254 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Feb 19 15:10:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Feb 2011 00:10:56 +0100 Subject: [SEC] [SA43322] phpMyBitTorrent "id" SQL Injection Vulnerability Message-ID: <201102192310.p1JNAutQ021405@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: phpMyBitTorrent "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA43322 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43322/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43322 RELEASE DATE: 2011-02-19 DISCUSS ADVISORY: http://secunia.com/advisories/43322/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43322/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43322 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in phpMyBitTorrent, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to confirminvite.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 2.0.4 Gold. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: #forkbombers OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Feb 19 15:45:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Feb 2011 00:45:49 +0100 Subject: [SEC] [SA43297] Debian update for python-django Message-ID: <201102192345.p1JNjnHZ010768@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Debian update for python-django SECUNIA ADVISORY ID: SA43297 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43297/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43297 RELEASE DATE: 2011-02-20 DISCUSS ADVISORY: http://secunia.com/advisories/43297/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43297/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43297 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for python-django. This fixes two vulnerabilities, which can be exploited by malicious people to conduct script insertion and cross-site request forgery attacks. For more information: SA43230 SOLUTION: Install updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2163-1: http://lists.debian.org/debian-security-announce/2011/msg00028.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Feb 19 16:11:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Feb 2011 01:11:17 +0100 Subject: [SEC] [SA43332] TYPO3 Cross-Site Request Forgery Vulnerability Message-ID: <201102200011.p1K0BHDp032085@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: TYPO3 Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA43332 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43332/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43332 RELEASE DATE: 2011-02-20 DISCUSS ADVISORY: http://secunia.com/advisories/43332/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43332/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43332 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in TYPO3, which can be exploited by malicious people to conduct cross-site request forgery attacks. The vulnerability is caused due to TYPO3 allowing users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. change an administrator's password when a logged-in administrator visits a specially crafted web page. The vulnerability is confirmed in versions 4.2, 4.3, and 4.4. Prior versions may also be affected. SOLUTION: Update to version 4.5. PROVIDED AND/OR DISCOVERED BY: Sven Taute. ORIGINAL ADVISORY: TYPO3 4.5 Release Notes: http://typo3.org/download/release-notes/typo3-45/ TYPO3 Wiki: http://wiki.typo3.org/TYPO3_4.5#Security TYPO3 Blog: http://buzz.typo3.org/teams/security/article/typo3-45-will-be-the-most-secure-typo3-version-ever/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Feb 19 16:46:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Feb 2011 01:46:37 +0100 Subject: [SEC] [SA43342] SRWare Iron Multiple Vulnerabilities Message-ID: <201102200046.p1K0kbjs021450@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: SRWare Iron Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43342 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43342/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43342 RELEASE DATE: 2011-02-20 DISCUSS ADVISORY: http://secunia.com/advisories/43342/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43342/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43342 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in SRWare Iron, where some have an unknown impact and others can be exploited by malicious people to compromise a user's system. For more information: SA43021 SOLUTION: Update to version 9.0.600.1 ORIGINAL ADVISORY: http://www.srware.net/forum/viewtopic.php?f=18&t=2190 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ----------------------------------------------------------------------